Score:0

How to configure Windows to execute only .exe with certificate signing?

cn flag

I want to run (on a certain computer with Windows 10) only those .exe files that are signed by certificates installed on the computer (they can be certificates from a CA or my own test certificate).

I already tried this solution (and many others): How does one configure Windows not to execute tampered binaries?

but none of them solved my problem.

I wrote two "HelloWorld" apps (one with certificate signing and one without). But all the solutions I tried allow both apps to run.

How do I configure Windows 10 to execute only .exe files with certificate signing?


Here is the AppLocker configuration:

<AppLockerPolicy Version="1">
  <RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <FilePublisherRule Id="d5c14ef6-5a5e-4863-aa49-a9ebbcab1afc" Name="Only run executables that are signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
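An added check, not part of the original question or its comments, that evaluates the posted policy against the two HelloWorld builds before it is enforced. It assumes the XML above is saved as C:\Temp\applocker.xml and uses placeholder paths for the two test binaries.

```powershell
# Added example: dry-run the posted AppLocker policy against test binaries.
# Assumptions: policy XML saved at $policy; the two HelloWorld builds live at
# the placeholder paths in $exes (both outside %PROGRAMFILES% and %WINDIR%).
$policy = 'C:\Temp\applocker.xml'
$exes   = 'C:\Temp\HelloWorld-signed.exe', 'C:\Temp\HelloWorld-unsigned.exe'

foreach ($exe in $exes) {
    # Authenticode status: 'Valid' only when the signing chain ends in a
    # root the machine trusts; 'NotSigned' for the unsigned build.
    $sig = Get-AuthenticodeSignature -FilePath $exe

    # What AppLocker would decide for Everyone (S-1-1-0) under this policy,
    # and which rule produced that decision.
    $decision = Test-AppLockerPolicy -XmlPolicy $policy -Path $exe -User Everyone

    [pscustomobject]@{
        File           = Split-Path $exe -Leaf
        SignatureState = $sig.Status
        Signer         = $sig.SignerCertificate.Subject
        PolicyDecision = $decision.PolicyDecision
        MatchingRule   = $decision.MatchingRule
    }
}
```

Keep the unsigned build outside %PROGRAMFILES% and %WINDIR% when testing: the two path rules in the policy allow anything in those folders regardless of signature, so an unsigned file placed there would show "Allowed" with a "(Default Rule)" match rather than being blocked by the publisher rule.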
Comments:

Greg Askew: AppLocker absolutely can and will prevent applications from running, unless it is configured incorrectly.

Eugene Afanasovich: No doubt. But how do I configure AppLocker on Windows 10 correctly to execute only .exe files with certificate signing?

Greg Askew: It would be simpler if you provided your AppLocker configuration.

Eugene Afanasovich: @GregAskew, thanks for trying to help me. I really appreciate it. I added the AppLocker config to the question.

Greg Askew: Is there anything in the AppLocker event log? Are you using an edition of Windows 10 that supports AppLocker?

Eugene Afanasovich: Yes, there is a log entry in Event Viewer: "appidsvc.dll: AppLocker component not available on this SKU". I am using Windows 10 Pro. And I just read that it is not easy to run AppLocker properly on this OS. Maybe there is some solution to my problem without using AppLocker?