Photographee.eu - Fotolia

Q
Manage Learn to apply best practices and optimize your operations.

How can you whitelist apps and fight ransomware with AppLocker?

With application whitelisting, admins can create a list of approved apps users can work with. This way, users cannot accidentally open an app containing ransomware.

Ransomware is one of the biggest threats to an organization's data. All it takes is one user to click on a malicious link or open an infected email attachment, and the attacker can encrypt all the files the user has access to and hold them for ransom.

In corporate settings, ransomware infections almost always originate at network endpoints. Although most organizations run antimalware software on their endpoints, malware scanning is only somewhat effective. Most antimalware software compares files against a database of known malware signatures. Hackers and cybercriminals create new malware every day so if a scanning engine encounters a piece of malware that does not match an existing signature in its database, the software may not recognize the malware for what it is.

The best way to protect PCs against ransomware and other types of malware is to whitelist apps. The idea behind application whitelisting is that in any organization there are certain apps users must work with on their devices. To whitelist apps, you designate the apps users need as trusted and authorize them to run on users' devices. If you do not whitelist apps or software, they are unauthorized and cannot run those. As a result, if a user encounters a piece of ransomware, that ransomware will never execute.

Whitelist apps with AppLocker in Windows 10

Several vendors offer application whitelisting products, but Windows 10 includes native application whitelisting capabilities through Windows AppLocker. You can enable AppLocker by opening the Group Policy Editor and clicking Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker.

Windows AppLocker is based on a series of rules. The easiest way to create the rules you need is to set up a clean Windows deployment and then install the applications you want to authorize. Next, open AppLocker and right click on the Executable Rules container and select the option to create default rules. Next, right click on the container again, and select the Automatically Generate Rules option. This allows AppLocker to create whitelisting rules for the executables installed on the system. When you are done, turn on rule enforcement, and then deploy the Group Policy settings -- which include the rules -- to the other computers in the organization.

It is important to remember this is just a quick explanation of how to create whitelisting rules, so you should review the AppLocker documentation prior to creating any rules.

Next Steps

Complete guide to Windows 10 security

Key Windows 10 security risks to keep an eye on

Blacklisting vs. whitelisting apps?

This was last published in April 2017

Dig Deeper on Network intrusion detection and prevention and malware removal

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What options besides app whitelisting are good for fighting ransomware?
Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close