
Application Whitelisting software

  • Application Whitelisting software

    Hi, Folks

    Anyone here using/used application whitelisting software?

    I've just been quoted nearly 15,000 to protect 35 desktops, 6 laptops and 4 servers with whitelisting software. This includes a 6,000 fee for the whitelisting management server license which is a one off, and subsequent annual costs which comprise maintenance fees only and which come to 2,700.

    I would like to implement application whitelisting at the charity I work for, but these prices are outside my budget. Does anyone out there use application whitelisting? If so, are you aware of any cheaper products?

    Thanks
    A recent poll suggests that 6 out of 7 dwarfs are not happy

  • #2
    I've used things like sanctuary and some others, but only at very large enterprises or banks.

    AppLocker is free in Windows, never used it but probably costly in terms of time to set up.

    https://technet.microsoft.com/en-gb/.../dd759117.aspx

    TBH though, removing local admin rights for all users usually solves 95% of problems IME, assuming you can get management to agree to it. There's often opposition to taking away something if users have always had it.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog



    • #3
      Thanks for the reply. Yes, all our staff have admin rights, but what I wish to protect against is zero-day threats, particularly ransomware which operates within a user's access to data. I've not used AppLocker before, but it looks as though it will do what I need.

      Thanks again.
      A recent poll suggests that 6 out of 7 dwarfs are not happy



      • #4
        Grah! It is only available on Windows 7 Ultimate and Enterprise. We use Professional.
        A recent poll suggests that 6 out of 7 dwarfs are not happy



        • #5
          D'oh! I thought it was available on Pro but with fewer features, that might be new to 8.1 or 10 though.

          What AV do you use? Some of them have appblocking capability, I know Sophos does.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          Cruachan's Blog



          • #6
            Originally posted by cruachan
            ...

            What AV do you use? Some of them have appblocking capability, I know Sophos does.
            Thanks.

            Yes - we use Sophos, but it only works on known executables. Its whitelisting only works one way. They do have a server version, but nothing for clients as far as I am aware, although one of the guys I buy our bulk software purchases from is looking into this.

            A recent poll suggests that 6 out of 7 dwarfs are not happy



            • #7
              That's pretty poor, you can only block applications you already know about.

              Out of ideas then I'm afraid, the products I've used (Lumension Sanctuary, AppSense) aren't likely to be in the price range for a charity unless they do some very favourable licensing. The only other option I know of is GPOs and MD5 hashing, but AFAIK it's the same as the Sophos option, you can only block apps if you know their MD5 hash rather than only allowing apps you choose. It was meant for blocking things like AIM or MSN Messenger back in the Server 2003 days. Upgrading all your clients to Enterprise might be the cheapest option, from what I remember Microsoft's charity licensing prices are quite favourable. That's assuming you aren't already licensed for it, one charity in my experience had Enterprise licences in VLSC but for reasons best known to themselves were running Pro on all clients!
              BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
              Cruachan's Blog



              • #8
                Thanks. To be fair to Sophos, the component is called Application Control, and not whitelisting.

                However, you may have helped me with the suggestion to upgrade to Enterprise. I'm on leave until next week so will have a proper look at that option when I return. It may be the cheapest way to deal with this.

                Thanks again.
                A recent poll suggests that 6 out of 7 dwarfs are not happy
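
Added example, not part of any post in this thread: a starting point for the AppLocker route discussed above, using the built-in AppLocker cmdlets to build an allow-list from a clean reference machine and run it in audit mode before enforcing. It assumes clients on an edition that supports AppLocker; the policy file path and the scanned directories are assumptions.

```powershell
# Added example. Run elevated on a clean reference machine whose Windows edition
# supports AppLocker. The output path and scanned directories are assumptions.
Import-Module AppLocker

$policyFile = 'C:\Temp\applocker-baseline.xml'        # hypothetical path
$scanDirs   = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'

# 1. Inventory the executables already installed on the reference build.
$files = foreach ($dir in $scanDirs) {
    if (Test-Path $dir) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
    }
}

# 2. Build allow rules: publisher rules for signed files, hash rules otherwise.
#    Anything not matched by a rule is denied by default once enforced.
$files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $policyFile -Encoding utf8

# 3. Switch every rule collection to audit-only so nothing is blocked yet.
[xml]$policy = Get-Content $policyFile
$policy.AppLockerPolicy.RuleCollection | ForEach-Object { $_.EnforcementMode = 'AuditOnly' }
$policy.Save($policyFile)

# 4. Dry run: list files in a user-writable location the policy would not allow.
Get-ChildItem "$env:USERPROFILE\Downloads\*.exe" |
    Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone -Filter Denied, DeniedByDefault

# 5. Apply locally; AppLocker only evaluates rules while AppIDSvc is running.
Set-AppLockerPolicy -XmlPolicy $policyFile
Start-Service AppIDSvc

# 6. Later, review what enforcement would have blocked (event ID 8003).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} | Select-Object TimeCreated, Message
```

Once the audit log shows no legitimate software being flagged, changing `EnforcementMode` from `AuditOnly` to `Enabled` in the same XML and re-applying it turns the allow-list into a default-deny policy.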
