Part 2 – Recorded on February 12, 2020

Why AppLocker?

Application whitelisting is one of the most powerful ways to stop a variety of attacks and, when configured correctly, will significantly increase the amount of time an attacker will need to spend to get around it. Additionally, application whitelisting is effective against automated attacks, such as ransomware.

What will be covered in the series?

In the first webinar (on January 29), Oddvar will cover how to get started with AppLocker and what you need to know in order to build an effective AppLocker policy in your organization. The basic components of the policy, the pre-requisites for implementation, and a how-to on piloting AppLocker will be discussed and demonstrated. You will learn how to deploy a ruleset in audit mode and gather logs centrally to see the effects prior to putting it into production. Lastly, Oddvar will provide instruction on how to enable the ruleset and maintain it over time.

During the second installment (on February 12), Oddvar will delve more deeply into how to identify weaknesses in your AppLocker configuration. You will gain a better understanding of what to look for and what tools are available to make your AppLocker configuration as strong as possible. Oddvar will demonstrate how to use AaronLocker to automate rule building and will reveal his own custom written PowerAL module that was developed to discover weaknesses in the configuration.