If you are a Windows user, you have likely heard of Microsoft AppLocker. This whitelisting program allows Windows users to protect themselves from disk-based malware by restricting executable programs to a specific list of paths, hashes, or signed applications. However, a new player has joined the fold: AaronLocker.

What is AaronLocker?

AaronLocker, named for its developer, Aaron Margosis, is a wrapper for the traditional implementation of Windows AppLocker. It is written entirely in PowerShell (5.0 and later) and includes a small number of scripts that are easily customizable for more specific requirements. The overall objective is to make Windows AppLocker implementation more robust, practical, and maintainable while still remaining free. AaronLocker even includes some additional scripts to capture both policy and event data from Microsoft AppLocker in an Excel file. Nifty!

AaronLocker files can be downloaded from GitHub at the following link:

Programs or scripts added to the computer by a non-administrative user are not allowed to execute unless specifically allowed by an administrator. This is controlled both by user permissions and location. Programs in directories such as the Program Files directory, which is accessible only to the administrator, are considered valid and allowed to run. Other user-maintained directories are restricted unless otherwise authorized.

This tutorial was conducted on a Windows 10 machine running PowerShell v5.1 with script execution enabled. We have downloaded Sysinternals AccessChk.exe from the following link. AccessChk has been added to the Windows 10 machine to allow AaronLocker to determine whether directories are user-writable. The AaronLocker.zip package was extracted to the C:\ directory and AccessChk.exe was placed in the same AaronLocker directory.

The first step in the AaronLocker rule-building process is to add any applicable customizations. All customization scripts are found in the CustomizationInputs folder of the AaronLocker package downloaded from GitHub. Simply place the appropriate exclusions in the appropriate file. For example, any known trusted signers would be added to TrustedSigners.ps1. In this tutorial, we will manage the AaronLocker policy by path.

Start by ensuring that any safe paths are allowed to execute by adding them to the file GetSafePathsToAllow.ps1. Be sure any paths added to this file can only be modified by an administrator. Next, we will add a list of any unsafe paths by modifying the file UnsafePathToBuildRulesFor.ps1. This is where our whitelisting will occur. In this case, we have chosen to whitelist the C:\Test directory. If you are unsure which directories require whitelisting, you can utilize the ScanDirectories.ps1 script to identify safe directories. For example, the below PowerShell command created a list of safe directories under C:\Users.
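As an added example (not AaronLocker's own code and not from the original post), here is a PowerShell check to run against a candidate path before it goes into GetSafePathsToAllow.ps1: it walks the directory tree and reports any folder where a broad non-admin principal holds a write-class right, which is exactly the condition that turns a path rule into a bypass. It assumes Windows 10 with PowerShell 5.1 and a constructed candidate list; AaronLocker's real test uses AccessChk, which this Get-Acl check only approximates.

```powershell
# Added example, not AaronLocker's own code: flag candidate directories that a
# non-administrative user can write to before they go into GetSafePathsToAllow.ps1.
# Assumes Windows 10 / PowerShell 5.1; the candidate list is constructed for
# illustration. AaronLocker uses AccessChk for this; this simplified Get-Acl check
# ignores Deny ACEs and does not expand group membership, so treat it as a first pass.

$CandidatePaths = @('C:\Test', 'C:\Program Files', 'C:\Users\Public')

# Principals that stand for "any non-admin user". An Allow ACE granting one of them a
# write-class right makes the directory user-writable and unsafe to allow by path.
$BroadPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                     'Everyone', 'NT AUTHORITY\INTERACTIVE')

# Rights that let a user create, replace or delete files. Write, Modify and FullControl
# are supersets of these bits; the generic bits cover GENERIC_WRITE and GENERIC_ALL,
# which show up in some inherited ACEs.
$WriteMask   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles'
$GenericMask = 0x40000000 -bor 0x10000000

function Test-UserWritableDirectory {
    param([Parameter(Mandatory)][string]$Path)
    $acl  = Get-Acl -LiteralPath $Path -ErrorAction Stop   # fail loudly, never silently pass
    $hits = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if ((($rights -band $WriteMask) -ne 0) -or (($rights -band $GenericMask) -ne 0)) {
            $ace.IdentityReference.Value
        }
    }
    [pscustomobject]@{
        Path         = $Path
        UserWritable = [bool]$hits
        GrantedTo    = (@($hits) | Select-Object -Unique) -join ', '
    }
}

# Walk each candidate and its subdirectories: a single writable subfolder is enough
# to turn a path rule into an execution bypass, so scan rather than assume.
function Find-UserWritablePaths {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p -PathType Container)) { continue }
        $dirs = @(Get-Item -LiteralPath $p) + @(Get-ChildItem -LiteralPath $p -Directory -Recurse -ErrorAction SilentlyContinue)
        foreach ($d in $dirs) { Test-UserWritableDirectory -Path $d.FullName }
    }
}

Find-UserWritablePaths -Paths $CandidatePaths | Where-Object UserWritable | Format-Table Path, GrantedTo -AutoSize
```

Any path listed in the output should be moved to the unsafe list (or have its ACL tightened) rather than allowed by path.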