Device Guard and AppLocker Better Together Troy L. Martin 1E.com/blogs/author/troymartin/ Technical Architect 1E.

Presentation transcript:

Device Guard and AppLocker Better Together Troy L. Martin 1E.com/blogs/author/troymartin/ Technical Architect 1E Bill Moore billamoore.com IT Product Owner Client & Mobility Dell Technologies

Bill Moore (@BMooreatDell): Described as "Best Dad ever"; 20 years Dell client management; Jeep junkie; Go NY Yankees!!
Troy L. Martin (1E): In '92, 2nd highest score at DeVry (no Uber in 1E)

So, an Engineer walks in to a bar…..

Security is no joke…even at the bar: Device Guard, AppLocker

What is the problem?
Users can install and run unauthorized/untrusted apps
Most security products are reactionary by nature
Attacks are narrowly focused with specific goals
New malware is easily obtained for a few BitCoin
Advanced social engineering methods
Relaxed attitudes toward local administrators

What is the goal?
Enforce application standards
Eliminate threats associated with untrusted apps
Improve management and control of application sprawl

Understanding Individual Capabilities
AppLocker:
Exclude file from allow / deny rule
Target users and groups
Allow rules beyond executable only
Wizard driven
Rules survive app updates without mods
Windows 7/8/10 Enterprise & W10 Education
Dependent on service
Device Guard:
Only trusted applications are allowed
Ability to sign an unsigned app
Windows 10 Enterprise & Education
No services
Separate from kernel
Protected by Hyper-V

Understanding Similarities
Only known-good "trusted" applications are allowed to run. All others blocked.
Rules driven: digital signatures, publisher, application attribute
Audit mode capability to convert events to rules
PowerShell cmdlets
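The "audit mode to rules" workflow the slide refers to, shown for both tools with their built-in PowerShell cmdlets. This is an added example, not code from the presentation; it assumes an elevated PowerShell session on Windows 10 Enterprise, and the C:\CI\ paths are placeholders.

```powershell
# --- AppLocker: harvest audited events and turn them into rules ---
# While the EXE and DLL collection is in AuditOnly, event 8003 ("would have been
# blocked") is logged instead of the app being stopped.
$audited = Get-AppLockerFileInformation -EventLog `
    -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited

# Publisher rules first (they survive version updates), hash rules for unsigned files.
$newPolicy = New-AppLockerPolicy -FileInformation $audited `
    -RuleType Publisher, Hash -User Everyone -Optimize -IgnoreMissingFileInformation

# Check a specific binary against the generated policy before merging it in.
# Placeholder path; PolicyDecision is Allowed, Denied, AllowedByDefault or DeniedByDefault.
Test-AppLockerPolicy -PolicyObject $newPolicy `
    -Path 'C:\Program Files\Contoso\app.exe' -User Everyone |
    Select-Object FilePath, PolicyDecision

# Merge the new rules into the local policy (use -Ldap for a GPO instead).
Set-AppLockerPolicy -PolicyObject $newPolicy -Merge

# --- Device Guard (Code Integrity): audit-mode policy, then fold in audit events ---
# Scan the reference machine; -UserPEs includes user-mode binaries so UMCI covers apps.
New-CIPolicy -Level Publisher -Fallback Hash -UserPEs -FilePath 'C:\CI\Initial.xml'
Set-RuleOption -FilePath 'C:\CI\Initial.xml' -Option 3   # option 3 = Enabled:Audit Mode
ConvertFrom-CIPolicy -XmlFilePath 'C:\CI\Initial.xml' -BinaryFilePath 'C:\CI\SIPolicy.p7b'
# Deploy SIPolicy.p7b to C:\Windows\System32\CodeIntegrity\ and reboot; run the workload.

# Anything the audit policy would have blocked is logged as event 3076 in
# Microsoft-Windows-CodeIntegrity/Operational; -Audit builds rules from that log.
New-CIPolicy -Audit -Level Hash -UserPEs -FilePath 'C:\CI\Audit.xml'
Merge-CIPolicy -PolicyPaths 'C:\CI\Initial.xml', 'C:\CI\Audit.xml' `
    -OutputFilePath 'C:\CI\Merged.xml'

# Remove the audit option to move to enforcement, then convert and redeploy.
Set-RuleOption -FilePath 'C:\CI\Merged.xml' -Option 3 -Delete
ConvertFrom-CIPolicy -XmlFilePath 'C:\CI\Merged.xml' -BinaryFilePath 'C:\CI\SIPolicy.p7b'
```

Review the merged rule set before enforcing; every hash rule harvested from the audit log is something that ran on the reference machine, not necessarily something you want to trust.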

Code Integrity
Secure Boot (includes Secure Firmware Updates and Platform Secure Boot)
Kernel Mode Code Integrity (KMCI)
User Mode Code Integrity (UMCI)
AppLocker
Boot chain shown in the diagram: ROM/Fuses -> Bootloaders -> Native UEFI -> Windows OS Loader -> Windows Kernel and Drivers -> 3rd Party Drivers -> User mode code (apps, etc.)
Protection at each stage: Platform Secure Boot (ROM/Fuses, Bootloaders), UEFI Secure Boot (Native UEFI, Windows OS Loader), KMCI (Windows Kernel and Drivers, 3rd Party Drivers), UMCI and AppLocker (User mode code)

Demo Make application trusted by Device Guard

Demo Block older version app using AppLocker

Demo Malware attack on Group Policy Client and AppLocker

Application Control & Whitelisting

Differences: Application Control and Whitelisting
The end goals are basically the same
Implementation and level of security are much different
AppLocker can be compromised
Device Guard is very difficult to compromise (Virtualization Based Security, KMCI)
Security has a cost. Not willing to pay the cost can lead to compromise

Questions?
