A really important concept that came along with Windows quite a while back is Software Restrictions and AppLocker. AppLocker is a newer thing, but Software Restrictions has been around for quite a while. What these tools do is allow you, as an administrator, to set up things like whitelists and blacklists on what software can run and where it can run from. Say, it can only run from a specific directory on my drive, or I can only run this application if it matches a specific hash key that’s generated when you actually add this rule.
So there’s a lot of flexibility in the different variations of how AppLocker versus Software Restrictions work. The reason to use these things is that they’re very flexible: they allow you to explicitly block certain things and explicitly allow others. In the case of many endpoint devices that we’ve set up at South Seas for customers, we turn on these policies in more of a whitelist mode, so when they’re applied that user can’t run software that we don’t allow. It doesn’t matter what it is. It doesn’t matter where they download it or where they put it on the machine, it can’t run.
So that kind of helps you, right there, in blocking out a lot of things like malware and viruses. If you get those on the system and they come down and try to run, Software Restrictions or AppLocker can help you prevent that from even running in the first place.
So it gets on your PC, and your user doesn’t know it’s there, doesn’t know that it’s about to run. It executes, and AppLocker or Software Restrictions blocks it. It stops it from happening. So instead of reacting with antivirus software, instead of going in there and trying to remove it after the fact, and instead of digging through your backups and restoring files because something bad happened, all of a sudden you don’t have to do anything. You just look at your log files periodically and you see, hey, user X downloaded something that really they shouldn’t have been downloading. I’ll have to look into why they’re doing that later, but I see that when they downloaded it, AppLocker and Software Restrictions prevented that from running.
So ultimately, as an administrator of a network, a domain administrator or just a desktop technician, your job has become massively easier because you employed these policies to start with and prevented these things. This is a preventative measure you can use in security, which is almost always the difficult thing to employ on a network or information system, because you’re usually reactive on these things. You’re usually at the point where you’re always waiting for something to happen and then fixing it after it happens.
This is a case where you can say, I’m not gonna let this happen. I’m gonna prevent this from happening and in most cases, you can do that with minimal impact to your user. So you can explain why these policies are needed and why they’re going to help them and why they are going to prevent them from having to sit in your office for an hour and a half while you redo their PC.
I’m Anthony from South Seas Data and we’re here to help you figure out how to be proactive about security instead of reactive.
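The periodic log review described in the talk, as an added PowerShell example that is not part of the original transcript: it lists what AppLocker blocked (event ID 8004) or would have blocked in audit-only mode (event ID 8003), grouped by user and file. The seven-day window and reading `FilePath` from the event's `RuleAndFileData` payload are assumptions of this example.

```powershell
# Added example, not from the original talk: summarise AppLocker blocks per user.
# Assumes AppLocker EXE rules are configured on this machine and the
# script runs in an elevated session so the log is readable.
$logName = 'Microsoft-Windows-AppLocker/EXE and DLL'
$since   = (Get-Date).AddDays(-7)   # assumed review window

# 8004 = file was prevented from running (rules enforced).
# 8003 = file ran, but would have been blocked if rules were enforced (audit only).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $logName
    Id        = 8003, 8004
    StartTime = $since
} -ErrorAction SilentlyContinue      # no matching events is not an error here

$report = foreach ($e in $events) {
    # Resolve the SID recorded on the event to DOMAIN\user where possible;
    # fall back to the raw SID for deleted or unresolvable accounts.
    $user = try {
        $e.UserId.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        "$($e.UserId)"
    }

    # The path of the file is carried in the event's UserData payload
    # (assumed element and field names: RuleAndFileData / FilePath).
    $data = ([xml]$e.ToXml()).Event.UserData.RuleAndFileData

    [pscustomobject]@{
        Time = $e.TimeCreated
        User = $user
        Mode = if ($e.Id -eq 8004) { 'Blocked' } else { 'AuditOnly' }
        File = $data.FilePath
    }
}

# One row per user/file/mode, most frequent first, with the latest occurrence.
$report |
    Group-Object User, File, Mode |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group.Time | Measure-Object -Maximum).Maximum } } |
    Format-Table -AutoSize
```

Rows in `AuditOnly` mode show what a whitelist would stop before it is enforced, which is useful for finding legitimate software that still needs an allow rule.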