March 23, 2016 at 4:28 am #166257
Anyone here using/used application whitelisting software?
I’ve just been quoted nearly £15,000 to protect 35 desktops, 6 laptops and 4 servers with whitelisting software. This includes a £6,000 fee for the whitelisting management server license which is a one off, and subsequent annual costs which comprise maintenance fees only and which come to £2,700.
I would like to implement application whitelisting at the charity I work for, but these prices are outside my budget. Does anyone out there use application whitelisting? If so, are you aware of any cheaper products?
ThanksMarch 24, 2016 at 3:59 am #330859
I’ve used things like sanctuary and some others, but only at very large enterprises or banks.
Applocker is free in Windows, never used it but probably costly in terms of time to setup.
TBH though, removing local admin rights for all users usually solves 95% of problems IME, assuming you can get management to agree to it. There’s often opposition to taking away something if users have always had it.March 24, 2016 at 5:16 am #337087
Thanks for the reply. Yes, all our staff have admin rights, but what I wish to protect against is zero-day threats, particularly ransomware which operates within a user’s access to data. I’ve not used Applocker before, but it looks as though it will do what I need.
Thanks again.March 24, 2016 at 6:22 am #337088
Grah! It is only available on Windows 7 Ultimate and Enterprise. We use Professional :(March 27, 2016 at 9:37 am #330860
D’oh! I thought it was available on Pro but with less features, that might be new to 8.1 or 10 though.
What AV do you use? Some of them have appblocking capability, I know Sophos does.March 27, 2016 at 10:29 am #337090cruachan;n505236 wrote:…
What AV do you use? Some of them have appblocking capability, I know Sophos does.
Yes – we use Sophos, but it only works on known executables. It’s whitelisting only works one way. They do have a server version, but nothing for clients as far as I am aware, although one of the guys I buy our bulk software purchases from is looking into this.March 29, 2016 at 7:18 am #330862
That’s pretty poor, you can only block applications you already know about.
Out of ideas then I’m afraid, the products I’ve used (Lumension Sanctuary, AppSense) aren’t likely to be in the price range for a charity unless they do some very favourable licensing. The only other option I know of is GPOs and MD5 hashing, but AFAIK it’s the same as the Sophos option, you can only block apps if you know their MD5 hash rather than only allowing apps you choose. It was meant for blocking things like AIM or MSN Messenger back in the Server 2003 days. Upgrading all your clients to Enterprise might be the cheapest option, from what I remember Microsoft’s charity licensing prices are quite favourable. That’s assuming you aren’t already licensed for it, one charity in my experience had Enterprise licences in VLSC but for reasons best known to themselves were running Pro on all clients!March 29, 2016 at 7:24 am #337091
Thanks. To be fair to Sophos, the component is called Application Control, and not whitelisting.
However, you may helped me with the suggestion to upgrade to Enterprise. I’m on leave until next week so will have a proper look at that option when I return. It may be the cheapest way to deal with this.
You must be logged in to reply to this topic.