How to prevent Windows from installing unauthorised programs

Windows offers a robust set of tools designed to enhance security and safeguard users from unwanted applications. Among these tools is the ability to implement a whitelist, which allows administrators to specify which programs are permitted to run on a system. This proactive approach not only blocks unauthorized installations but also provides an additional layer of protection against malware that may not yet be recognized by traditional antivirus software.

A whitelist for programs

To effectively configure a whitelist, users can utilize the built-in Local Security Policy tool available in Windows Pro and Enterprise versions. While this tool is also present in Windows Home, it requires integration via the command prompt. Once enabled, administrators can access the AppLocker feature, which has been part of Windows since version 10, build 1809. AppLocker operates on a policy-based system, allowing for the creation of both whitelists and blacklists, although a whitelist is generally more effective in today’s rapidly evolving threat landscape.

Setting up a whitelist involves navigating to the Application Control Policies section within the Local Security Policy. Here, administrators can create rules that dictate which applications are allowed to execute. The process can be streamlined by using default rules that Microsoft provides, which cover the majority of common applications.

Set up the AppLocker whitelist

To initiate the setup, type secpol into the taskbar search and open the Local Security Policy. Under Application Control Policies > AppLocker, administrators will find several subfolders, including “Executable rules,” which is crucial for managing executable files. By right-clicking on this folder, users can create default rules and automatically generate rules for existing applications.

During the configuration, the wizard will prompt for the location of applications, typically starting with C:\Program Files. Administrators can choose to identify applications by their file hash or path, with the file hash being the more secure option. This method ensures that even if malware disguises itself with a common name, it will still be blocked if it does not match the approved hash.

Activate application identity

For AppLocker to function correctly, the Windows service known as Application Identity must be activated. This can be done by searching for services in the taskbar, locating the Application Identity entry, and starting the service. Once activated, any attempt to run unauthorized applications will result in an error message indicating that the app has been blocked by the system administrator.

This configuration effectively restricts users without administrative rights from installing unauthorized software, while still allowing access to personal files and documents. If issues arise, a simple restart of Windows can resolve them, as the Application Identity service is set to manual by default. For those wishing to keep AppLocker active permanently, changing the service’s startup type to automatic is advisable.
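The same setup can be scripted. The following PowerShell sketch is an added example, not part of the original article: it generates hash rules for C:\Program Files, dry-runs them against a file, merges them into the local policy and starts the Application Identity service. It assumes an elevated session, that the default executable rules have already been created as described above, and uses a hypothetical output file, rule-name prefix and sample probe path.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). File names, prefix and probe path are assumptions.
$scanRoot  = 'C:\Program Files'                               # location the wizard starts with
$policyXml = Join-Path $env:TEMP 'applocker-hash-rules.xml'   # hypothetical output file
$probe     = "$env:USERPROFILE\Downloads\setup.exe"           # constructed sample path

# Guard: only merge hash rules once the default Exe rules exist in the local policy.
# Without them, Windows' own binaries would be denied by default as well.
[xml]$local = Get-AppLockerPolicy -Local -Xml
$exeRules = $local.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
if (-not $exeRules -or -not $exeRules.FilePathRule) {
    throw 'No default Exe path rules found. Create the default rules first.'
}

# Hash every executable under the scan root and build allow rules for Everyone.
Get-AppLockerFileInformation -Directory $scanRoot -Recurse -FileType Exe -ErrorAction SilentlyContinue |
    New-AppLockerPolicy -RuleType Hash -User Everyone -RuleNamePrefix 'Approved' -Optimize -Xml |
    Out-File -FilePath $policyXml

# Dry run: ask how the generated rules alone would treat a file outside the whitelist.
# A file with no matching hash rule is reported as DeniedByDefault.
if (Test-Path $probe) {
    Test-AppLockerPolicy -XmlPolicy $policyXml -Path $probe -User Everyone |
        Format-List FilePath, PolicyDecision, MatchingRule
}

# Merge into the local policy (existing default rules are kept), then start enforcement.
Set-AppLockerPolicy -XmlPolicy $policyXml -Merge

# On Windows 10 and later the service is protected, so the startup type is set with sc.exe.
sc.exe config appidsvc start= auto
Start-Service -Name AppIDSvc

# Blocked launches are logged as event ID 8004 in the AppLocker operational log.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8004 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Because hash rules pin exact file contents, they have to be regenerated after an approved application is updated.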

CyberLock as an alternative to AppLocker

For users seeking a more comprehensive solution, CyberLock offers advanced features beyond those provided by AppLocker. Previously known as VoodooShield, this tool requires a paid license after a 15-day trial. CyberLock scans the system upon installation, creating a whitelist based on the applications detected. Users are then prompted to make decisions on new installations, providing a flexible yet secure environment.

In addition to these tools, Windows also offers Smart App Control, which monitors user behavior and restricts installations to verified applications based on digital signatures. This feature is particularly useful for users who primarily work with standard applications, as it automatically activates after recognizing consistent usage patterns.

For environments requiring strict control, Kiosk mode can be configured to allow only a single application to run, making it ideal for presentations or information kiosks. This mode can be set up through the Windows settings, providing a straightforward solution for businesses looking to limit user access to specific applications.

Enable local security policy in Windows Home

For Windows Home users wishing to access the Local Security Policy tool, integration is necessary. This can be accomplished through the command prompt, where specific commands will enable the required features. Once integrated, users can take full advantage of the security policies available to their Pro and Enterprise counterparts.

Tech Optimizer