Microsoft’s AppLocker is a feature of Windows 7 and 8 that allows you to control what software a user can run on a workstation. From a security perspective, AppLocker can also help stop users from accidentally installing malware by restricting the programs they can run to those on a predefined list.
You can define that list for multiple workstations at once using Group Policy. The AppLocker options are granular enough to allow you to set different restrictions for different groups of users, even on the same workstation. You’ll need to be using Windows 7 Enterprise or Ultimate, or Windows 8 Enterprise edition in order to take advantage of the AppLocker functionality.
For each rule you can also specify exceptions. However, we would recommend against the use of too many exceptions to a rule, as the actual exceptions do not show up in the main management interface for AppLocker, which can lead to confusion about what a rule actually does. If you make each AppLocker rule do just one thing then it is easier to read the list of rules and determine what would happen under a given scenario. If you are comfortable with configuring firewalls then you will find the AppLocker rules somewhat familiar.
Using the first attribute, “publisher,” allows for any software, including updates and new products from a trusted publisher, to be run by the user. However, the concern here is that the trust requirement is simply moved along. This approach only works if you trust that the certificate the software presents is genuine. There have been cases in recent years of Certificate Authorities being compromised and fraudulent certificates issued to third parties.
The second method is fairly precise in that you specify that the executable being run must be in a specific location. The concern with this approach is that an attacker could replace a valid program, such as notepad.exe, with some malware that they had renamed “notepad.exe” and put in place of the real software. The second method only checks that the path is valid, not that the software found there is the correct copy. To help protect against this you can use NTFS security permissions to lock down the locations you have permitted in AppLocker so another executable cannot be renamed and substituted for the original.
The third approach, using a hash value to determine if the software can run, is the most secure approach offered by AppLocker.
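
The exceptions that the main management interface does not show are still recorded in the policy XML, so they can be listed from there. The PowerShell below is an added example, not part of the original article: it summarises each rule with its condition and exceptions from a constructed sample policy (rule names, GUIDs, paths and the hash are placeholders), and `Get-AppLockerPolicy -Effective -Xml` supplies the real policy on a managed workstation.

```powershell
# Constructed sample in the AppLocker policy XML export format; names, GUIDs, paths and
# the hash are placeholders. On a managed workstation, load the real policy instead with:
#   [xml]$policy = Get-AppLockerPolicy -Effective -Xml
[xml]$policy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePublisherRule Id="00000000-0000-0000-0000-000000000001" Name="Example publisher" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePublisherCondition PublisherName="O=EXAMPLE CORP, C=US" ProductName="*" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition></Conditions>
    </FilePublisherRule>
    <FilePathRule Id="00000000-0000-0000-0000-000000000002" Name="Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
      <Exceptions>
        <FilePathCondition Path="%PROGRAMFILES%\ExampleApp\Plugins\*" />
      </Exceptions>
    </FilePathRule>
    <FileHashRule Id="00000000-0000-0000-0000-000000000003" Name="notepad.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FileHashCondition>
        <FileHash Type="SHA256" Data="0x0000000000000000000000000000000000000000000000000000000000000000" SourceFileName="notepad.exe" SourceFileLength="0" />
      </FileHashCondition></Conditions>
    </FileHashRule>
  </RuleCollection>
</AppLockerPolicy>
'@

# Render one condition element (publisher, path or hash) as short text.
function Format-Condition($c) {
    switch ($c.LocalName) {
        'FilePublisherCondition' { 'publisher: ' + $c.GetAttribute('PublisherName') }
        'FilePathCondition'      { 'path: ' + $c.GetAttribute('Path') }
        'FileHashCondition'      { 'hash of: ' + $c.SelectSingleNode('FileHash').GetAttribute('SourceFileName') }
    }
}

# One row per rule, with its exceptions spelled out next to the condition.
function Get-RuleSummary([xml]$Policy) {
    foreach ($rule in $Policy.SelectNodes('/AppLockerPolicy/RuleCollection/*')) {
        [pscustomobject]@{
            Collection = $rule.ParentNode.GetAttribute('Type')
            Rule       = $rule.GetAttribute('Name')
            Action     = $rule.GetAttribute('Action')
            Condition  = (@($rule.SelectNodes('Conditions/*') | ForEach-Object { Format-Condition $_ }) -join '; ')
            Exceptions = (@($rule.SelectNodes('Exceptions/*') | ForEach-Object { Format-Condition $_ }) -join '; ')
        }
    }
}
Get-RuleSummary $policy | Format-List
```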