AppLocker

AppLocker is an application whitelisting technology introduced with Microsoft's Windows 7 operating system. It allows restricting which programs users can execute based on the program's path, publisher, or hash,[1] and in an enterprise can be configured via Group Policy.

Summary

Windows AppLocker allows administrators to control which executable files are denied or allowed to execute. With AppLocker, administrators are able to create rules based on file names, publishers or file location that will allow certain files to execute. Unlike the earlier Software Restriction Policies, which were originally available for Windows XP and Windows Server 2003,[2] AppLocker rules can apply to individuals or groups. Policies are used to group users into different enforcement levels. For example, some users can be added to an 'audit' policy that will allow administrators to see the rule violations before moving that user to a higher enforcement level.

AppLocker availability charts

AppLocker availability on Windows 7[3]

  • Starter: No
  • Home Basic: No
  • Home Premium: No
  • Professional: Create policies, but cannot enforce
  • Enterprise: Create and enforce policies
  • Ultimate: Create and enforce policies

AppLocker availability on Windows 8[4]

  • RT: No
  • Core: No
  • Pro: No
  • Enterprise: Yes

AppLocker availability on Windows 10[5][6]

  • Home: No
  • Pro: No
  • Enterprise: Yes
  • Education: Yes

Bypass Techniques

There are several generic techniques for bypassing AppLocker:

  • Writing an unapproved program to a whitelisted location.
  • Using a whitelisted program as a delegate to launch an unapproved program.[7][8][9][10]
  • Hijacking the DLLs loaded by a trusted application in an untrusted directory.[11]
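
The first technique above is something a defender can check for in an exported policy. The following is an added example, not part of the original article or any Microsoft tooling: it reads AppLocker policy XML, reports each rule collection's enforcement mode, and lists Allow path rules that cover a directory known to be user-writable without an exception. The sample policy, rule names and directory names are constructed; the list of writable directories is an assumed input, and separate Deny rules are not evaluated.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout of an exported AppLocker policy; the rule
# names, IDs and directories are made up for this example.
SAMPLE_POLICY = r"""<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Allow Windows folder"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="00000000-0000-0000-0000-000000000002" Name="Allow Program Files"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
      <Exceptions><FilePathCondition Path="%PROGRAMFILES%\ExampleApp\Cache\*" /></Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>"""

# Assumption: directories an administrator has found to be writable by standard
# users (hypothetical names), written with the same variables the rules use.
WRITABLE_DIRS = [r"%WINDIR%\ExampleWritableDir", r"%PROGRAMFILES%\ExampleApp\Cache"]

def covers(pattern, directory):
    """True if a path condition would match a file created inside directory."""
    probe = directory.rstrip("\\") + "\\probe.exe"
    # Only '*' is treated as a wildcard; everything else is matched literally.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, probe, re.IGNORECASE) is not None

def audit(policy_xml, writable_dirs):
    """Return ({collection: enforcement mode}, [(collection, rule, directory)])."""
    modes, findings = {}, []
    for coll in ET.fromstring(policy_xml).iter("RuleCollection"):
        modes[coll.get("Type")] = coll.get("EnforcementMode")
        for rule in coll.iter("FilePathRule"):
            if rule.get("Action") != "Allow":
                continue
            allow = [c.get("Path") for c in rule.findall("Conditions/FilePathCondition")]
            excepted = [c.get("Path") for c in rule.findall("Exceptions/FilePathCondition")]
            for d in writable_dirs:
                if any(covers(p, d) for p in allow) and not any(covers(p, d) for p in excepted):
                    findings.append((coll.get("Type"), rule.get("Name"), d))
    return modes, findings

if __name__ == "__main__":
    modes, findings = audit(SAMPLE_POLICY, WRITABLE_DIRS)
    print("enforcement modes:", modes)
    for finding in findings:
        print("allowed and user-writable:", *finding)
```

Each finding is a candidate for an added exception on the rule or for tightening the directory's permissions; a collection reported as AuditOnly logs violations without blocking them.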

References

  1. "AppLocker". Microsoft TechNet. Microsoft. Retrieved 23 August 2012.
  2. "Using Software Restriction Policies to Protect Against Unauthorized Software". Microsoft TechNet. Microsoft. Retrieved 27 July 2017.
  3. "Windows Versions That Support AppLocker". Microsoft. Retrieved 27 July 2017.
  4. Visser, Erwin (18 April 2012). "Introducing Windows 8 Enterprise and Enhanced Software Assurance for Today's Modern Workforce". Windows for your Business. Microsoft. Retrieved 22 November 2012.
  5. Dudau, Vlad (10 June 2015). "Microsoft shows OEMs how to market Windows 10; talks features and SKUs". Neowin. Neowin LLC. Retrieved 19 June 2015.
  6. "Find out which Windows is right for you". Microsoft. Microsoft Inc. Retrieved 2 July 2015.
  7. "AppLocker Bypass – InstallUtil". Penetration Testing Lab. Retrieved 27 July 2017.
  8. "AppLocker Bypass Techniques". Evi1cg's blog. Retrieved 27 July 2017.
  9. "How to Bypass Windows AppLocker". Hacking Tutorial. Retrieved 27 July 2017.
  10. "caseysmithrc/gethelp.cs". Github Gist. Retrieved 14 May 2019.
  11. "Bypassing Application Whitelisting". CERT/CC Blog. Retrieved 27 July 2017.

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.