Whitelisting - Applocker - Configuration - Windows

Versioning - This is the latest version.

Version 1: Whitelisting - Applocker - Configuration - Windows (4/22/2016 7:36:19 PM)
Version 2: Whitelisting - Applocker - Configuration - Windows (5/10/2016 7:22:21 AM)
Version 3: Whitelisting - Applocker - Configuration - Windows (5/11/2016 11:02:40 AM)
Version 4: Whitelisting - Applocker - Configuration - Windows (7/19/2016 6:04:45 PM)

Description

Provides the current AppLocker configuration on the system.

Information on using this content is available here: https://github.com/strawgate/C3-Protect/wiki/Applocker

For general information or to report issues with C3 Protect content please visit GitHub here: https://github.com/strawgate/C3-Protect


Property Details

ID: 2998309
Title: Whitelisting - Applocker - Configuration - Windows
Domain: BESC
Added by on 7/19/2016 6:04:45 PM
Last Modified by on 7/19/2016 6:04:45 PM
Counters: 779 Views / 54 Downloads

Properties

Applocker - AppX Enforcement Mode - Windows
Period 1 day
 
(if (it = "Disabled") then ("Disabled") else (if (it = "0") then "Audit-only" else "Enforced")) of (value "EnforcementMode" of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Appx" of native registry as string | "Disabled")
Applocker - DLL Enforcement Mode - Windows
Period 1 day
 
(if (it = "Disabled") then ("Disabled") else (if (it = "0") then "Audit-only" else "Enforced")) of (value "EnforcementMode" of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Dll" of native registry as string | "Disabled")
Applocker - EXE Enforcement Mode - Windows
Period 1 day
 
(if (it = "Disabled") then ("Disabled") else (if (it = "0") then "Audit-only" else "Enforced")) of (value "EnforcementMode" of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe" of native registry as string | "Disabled")
Applocker - MSI Enforcement Mode - Windows
Period 1 day
 
(if (it = "Disabled") then ("Disabled") else (if (it = "0") then "Audit-only" else "Enforced")) of (value "EnforcementMode" of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Msi" of native registry as string | "Disabled")
Applocker - Script Enforcement Mode - Windows
Period 1 day
 
(if (it = "Disabled") then ("Disabled") else (if (it = "0") then "Audit-only" else "Enforced")) of (value "EnforcementMode" of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Script" of native registry as string | "Disabled")
Applocker - AppX Rules (raw) - Windows
Period 1 day
 
(values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Appx" of native registry as string)
Applocker - DLL Rules (raw) - Windows
Period 1 day
 
(values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Dll" of native registry as string)
Applocker - Exe Rules (raw) - Windows
Period 1 day
 
(values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe" of native registry as string)
Applocker - Msi Rules (raw) - Windows
Period 1 day
 
(values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Msi" of native registry as string)
Applocker - Script Rules (raw) - Windows
Period 1 day
 
(values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Script" of native registry as string)
Applocker - AppX Rules (formatted) - Windows
Period 1 day
 
(node value of attribute "Action" of it, node value of attribute "Name" of it, node value of attribute "UserOrGroupSid" of it & " (" & ( account name of sid (node value of attribute "UserOrGroupSid" of it) | "User not found") & ")", concatenations "; " of (node name of it & ": " & node value of it) of attributes of child nodes of xpaths "Conditions" of it) of xpaths "/*" of xml documents of (values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Appx" of native registry as string)
Applocker - DLL Rules (formatted) - Windows
Period 1 day
 
(node value of attribute "Action" of it, node value of attribute "Name" of it, node value of attribute "UserOrGroupSid" of it & " (" & ( account name of sid (node value of attribute "UserOrGroupSid" of it) | "User not found") & ")", concatenations "; " of (node name of it & ": " & node value of it) of attributes of child nodes of xpaths "Conditions" of it) of xpaths "/*" of xml documents of (values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Dll" of native registry as string)
Applocker - Exe Rules (formatted) - Windows
Period 1 day
 
(node value of attribute "Action" of it, node value of attribute "Name" of it, node value of attribute "UserOrGroupSid" of it & " (" & ( account name of sid (node value of attribute "UserOrGroupSid" of it) | "User not found") & ")", concatenations "; " of (node name of it & ": " & node value of it) of attributes of child nodes of xpaths "Conditions" of it) of xpaths "/*" of xml documents of (values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Exe" of native registry as string)
Applocker - Msi Rules (formatted) - Windows
Period 1 day
 
(node value of attribute "Action" of it, node value of attribute "Name" of it, node value of attribute "UserOrGroupSid" of it & " (" & ( account name of sid (node value of attribute "UserOrGroupSid" of it) | "User not found") & ")", concatenations "; " of (node name of it & ": " & node value of it) of attributes of child nodes of xpaths "Conditions" of it) of xpaths "/*" of xml documents of (values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Msi" of native registry as string)
Applocker - Script Rules (formatted) - Windows
Period 1 day
 
(node value of attribute "Action" of it, node value of attribute "Name" of it, node value of attribute "UserOrGroupSid" of it & " (" & ( account name of sid (node value of attribute "UserOrGroupSid" of it) | "User not found") & ")", concatenations "; " of (node name of it & ": " & node value of it) of attributes of child nodes of xpaths "Conditions" of it) of xpaths "/*" of xml documents of (values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Script" of native registry as string)
Applocker - AppX Rules (formatted) - Windows
Period 1 day
 
(node value of attribute "Action" of it, node value of attribute "Name" of it, node value of attribute "UserOrGroupSid" of it & " (" & ( account name of sid (node value of attribute "UserOrGroupSid" of it) | "User not found") & ")", concatenations "; " of (node name of it & ": " & node value of it) of attributes of child nodes of xpaths "Conditions" of it) of xpaths "/*" of xml documents of (values "value" of keys of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2\Appx" of native registry as string)

Relevance

isWindows (Relevance 1172)
Used in 1066 fixlets and 522 analyses
windows of operating system
Used in 21 fixlets and 13 analyses
(product info string of operating system = "Enterprise" or product info string of operating system = "Server")
Used in 2 fixlets and 9 analyses
exists key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SrpV2" of native registry
