Copyright © 1E 2022 All Rights Reserved
OS Supported - Microsoft Windows 11, 10
Description
The Windows AppLocker Product Pack is intended to regulate the execution of any specific executable file(s) across devices by creating explicit Hash rules (Allow or Deny) in Windows AppLocker.
Key Features
- Unblock execution of a specific .exe file for all users by providing its file hash, which in turn updates the existing AppLocker policy with the Hash rule.
- Get the file hash for a specified file, which can be used to create an AppLocker Hash rule. This instruction is meant to be run on a single device where the exe to be blocked is known to exist. Uses PowerShell AppLocker commands.
- Block execution of a specified file for all users by creating an AppLocker policy with a Hash rule. Uses PowerShell AppLocker commands.
Setup
- This Product Pack contains instructions.
- Upload the Product Pack either with the Tachyon Product Pack Deployment Tool or directly by clicking the Upload button under Instruction sets in the 1E Platform.
- Create an Instruction Set named Windows Applocker and move all the instructions from the Unassigned set to this set, unless you use the Product Pack Deployment Tool, which creates it automatically.
Usage
- Go to Explorer and search for any instruction in this pack, for example: Get FileHash for the file %Filepath% to be used to create AppLocker Hash rules.
- Click on Ask this question.
- This will display the hash value of the file for AppLocker.
This is a Classic Product Pack. Unless specifically required, the instructions are intended to be run in the following sequence:
1) 1E-Exchange-GetFileHashforApplocker
2) 1E-Exchange-BlockExeHashRule
3) 1E-Exchange-GetEffectiveApplockerRules
4) 1E-Exchange-UnblockExeHashRule
5) 1E-Exchange-ClearAllExistingApplockerPolicyRule
Components
1E-Exchange-BlockExeHashRule
Description
Block execution of a specified file for all users by creating an AppLocker policy with a Hash rule. Uses PowerShell AppLocker commands. WARN: Please do not block any .exe file which may be required by Windows to function properly.
Readable Payload
Create an AppLocker Policy with Hash rule %rulename% to block an exe file with %Filehash%.
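The get-hash, block and review-effective-rules sequence described above, sketched with the built-in AppLocker cmdlets. This is an added example, not the Product Pack's own instruction code; the parameter names (`$FilePath`, `$RuleName`, `-Apply`) and the temporary file name are assumptions.

```powershell
# Added example; not the Product Pack's instruction code.
param(
    [Parameter(Mandatory)] [string] $FilePath,   # exe known to exist on this device
    [string] $RuleName = 'Block-ByHash',         # assumed rule name prefix
    [switch] $Apply                              # omit for a dry run only
)
Import-Module AppLocker

# 1. Read the hash as AppLocker computes it. For PE files this is the
#    Authenticode SHA256 hash, which generally differs from Get-FileHash output.
$info = Get-AppLockerFileInformation -Path $FilePath -ErrorAction Stop
Write-Output "AppLocker hash: $($info.Hash)"

# 2. New-AppLockerPolicy only generates Allow rules, so build the policy as
#    XML and switch the generated hash rule to Deny.
[xml]$doc = $info | New-AppLockerPolicy -RuleType Hash -User Everyone `
    -RuleNamePrefix $RuleName -Xml
foreach ($rule in $doc.SelectNodes('//FileHashRule')) {
    $rule.SetAttribute('Action', 'Deny')
}
$policyFile = Join-Path $env:TEMP 'applocker-deny-hash.xml'   # assumed path
$doc.Save($policyFile)

# 3. Dry run: confirm the rule matches the intended file before touching
#    the local policy.
$result = Test-AppLockerPolicy -XmlPolicy $policyFile -Path $FilePath -User Everyone
Write-Output "Decision: $($result.PolicyDecision), rule: $($result.MatchingRule)"
if ($result.PolicyDecision -ne 'Denied') {
    throw "Generated rule does not deny $FilePath; policy not applied."
}

# 4. Merge into the existing local policy (keeps existing rules), then show
#    the effective policy for review.
if ($Apply) {
    Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
    Get-AppLockerPolicy -Effective -Xml
}
```

Once an enforced Exe rule collection contains any rule, AppLocker permits only files matched by an Allow rule, so a Deny hash rule merged into a collection with no Allow rules blocks other executables as well. Enforcement also depends on the Application Identity service (AppIDSvc) running on the device.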