https://github.com/aaronparker/applocker
AppLocker baseline configuration with the AaronLocker module. Used for testing with Windows 10, Intune etc.
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/aaronparker/applocker
- Owner: aaronparker
- License: mit
- Created: 2020-11-11T09:02:29.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2024-11-17T21:14:18.000Z (7 months ago)
- Last Synced: 2025-02-01T20:03:53.697Z (4 months ago)
- Language: PowerShell
- Homepage:
- Size: 626 KB
- Stars: 16
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# AppLocker
AppLocker baseline configuration using the [AaronLocker](https://github.com/microsoft/AaronLocker) module with customisations. Used for testing AppLocker and Microsoft Defender Application Control with Windows 10, Intune etc.
## Additional configurations
### Inbox executables
Additional inbox executables that Microsoft recommends blocking are listed here: [Microsoft recommended block rules](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol). These files can be tested for and formatted for adding to `GetExeFilesToDenyList.ps1` with:
```powershell
$Files = @("addinprocess.exe",
"addinprocess32.exe",
"addinutil.exe",
"aspnet_compiler.exe",
"bash.exe",
"bginfo.exe",
"cdb.exe",
"cscript.exe",
"csi.exe",
"dbghost.exe",
"dbgsvc.exe",
"dbgsrv.exe",
"dnx.exe",
"dotnet.exe",
"fsi.exe",
"fsiAnyCpu.exe",
"infdefaultinstall.exe",
"kd.exe",
"kill.exe",
"lxssmanager.dll",
"lxrun.exe",
"Microsoft.Build.dll",
"Microsoft.Build.Framework.dll",
"Microsoft.Workflow.Compiler.exe",
"msbuild.exe",
"msbuild.dll",
"mshta.exe",
"ntkd.exe",
"ntsd.exe",
"powershellcustomhost.exe",
"rcsi.exe",
"runscripthelper.exe",
"texttransform.exe",
"visualuiaverifynative.exe",
"system.management.automation.dll",
"webclnt.dll",
"davsvc.dll",
"wfc.exe",
"windbg.exe",
"wmic.exe",
"wscript.exe",
"wsl.exe",
"wslconfig.exe",
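"wslhost.exe")

# Collect every matching file found under the .NET Framework directories
$Executables = @()
Get-ChildItem -Path "$Env:SystemRoot\Microsoft.NET" -Include $Files -Recurse -ErrorAction "SilentlyContinue" | ForEach-Object { $Executables += $_ }

# Copy the unique, sorted full paths to the clipboard for pasting into GetExeFilesToDenyList.ps1
$Executables | Select-Object -ExpandProperty "FullName" | Select-Object -Unique | Sort-Object | Set-Clipboard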
```
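The following is an added example, not code from this repository. It extends the presence test above into a report that shows, for each listed name, where it exists, how it is signed, and which names are absent on the machine. The function name `Get-DenyCandidate`, the shortened name list and the `System32`/`SysWOW64` search roots are assumptions made for illustration.

```powershell
# Added example: a constructed subset of the list above, for illustration only.
$Names = @("mshta.exe", "wscript.exe", "cscript.exe", "wmic.exe", "msbuild.exe", "windbg.exe")

# Assumed search roots; the snippet above searches only Microsoft.NET.
$Roots = @("$Env:SystemRoot\System32", "$Env:SystemRoot\SysWOW64", "$Env:SystemRoot\Microsoft.NET")

function Get-DenyCandidate {
    # Hypothetical helper: returns one object per matching file with signing and version details.
    param (
        [Parameter(Mandatory = $true)] [string[]] $Name,
        [Parameter(Mandatory = $true)] [string[]] $Path
    )

    # Skip roots that do not exist (for example SysWOW64 on a 32-bit system).
    $existing = @($Path | Where-Object { Test-Path -Path $_ })
    if ($existing.Count -eq 0) { return }

    Get-ChildItem -Path $existing -Include $Name -Recurse -File -ErrorAction "SilentlyContinue" |
        Sort-Object -Property "FullName" -Unique |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [PSCustomObject]@{
                Name             = $_.Name
                FullName         = $_.FullName
                Product          = $_.VersionInfo.ProductName
                OriginalFilename = $_.VersionInfo.OriginalFilename
                SignatureStatus  = $sig.Status
                Signer           = $sig.SignerCertificate.Subject   # $null when the file is unsigned
            }
        }
}

# Recursing System32 can take a while; errors on protected folders are suppressed.
$Found = @(Get-DenyCandidate -Name $Names -Path $Roots)

# Names from the list with no match under any search root on this machine.
$Missing = @($Names | Where-Object { $_ -notin $Found.Name })

$Found | Sort-Object -Property "Name", "FullName" | Format-Table -AutoSize -Wrap
"Not present under the search roots: $($Missing -join ', ')"
```

Files that report no signer or an unexpected `OriginalFilename` are worth checking by hand before relying on a publisher-based deny rule for them.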