These events can be collected for further analysis. AppLocker addresses the following app security scenarios:ĪppLocker has the ability to enforce its policy in an audit-only mode where all app access activity is registered in event logs.
Use audit-only mode to deploy the policy and understand its impact before enforcing it.For example, you can create a rule that allows all users to run all Windows binaries, except the Registry Editor (regedit.exe). Assign a rule to a security group or an individual user.You can also create rules based on the file path and hash. Define rules based on file attributes that persist across app updates, such as the publisher name (derived from the digital signature), product name, file name, and file version.AppLocker is unable to control processes running under the system account on any operating system.