Application Whitelisting software

Home Forums Security General Security Application Whitelisting software

This topic contains 7 replies, has 2 voices, and was last updated by Blood Blood 2 years, 9 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • Blood
    Blood
    Moderator
    #166257

    Hi, Folks

    Anyone here using/used application whitelisting software?

    I’ve just been quoted nearly £15,000 to protect 35 desktops, 6 laptops and 4 servers with whitelisting software. This includes a £6,000 fee for the whitelisting management server license which is a one off, and subsequent annual costs which comprise maintenance fees only and which come to £2,700.

    I would like to implement application whitelisting at the charity I work for, but these prices are outside my budget. Does anyone out there use application whitelisting? If so, are you aware of any cheaper products?

    Thanks


    cruachan
    Participant
    #330859

    I’ve used things like sanctuary and some others, but only at very large enterprises or banks.

    Applocker is free in Windows, never used it but probably costly in terms of time to setup.

    https://technet.microsoft.com/en-gb/library/dd759117.aspx

    TBH though, removing local admin rights for all users usually solves 95% of problems IME, assuming you can get management to agree to it. There’s often opposition to taking away something if users have always had it.

    Blood
    Blood
    Moderator
    #337087

    Thanks for the reply. Yes, all our staff have admin rights, but what I wish to protect against is zero-day threats, particularly ransomware which operates within a user’s access to data. I’ve not used Applocker before, but it looks as though it will do what I need.

    Thanks again.

    Blood
    Blood
    Moderator
    #337088

    Grah! It is only available on Windows 7 Ultimate and Enterprise. We use Professional :(


    cruachan
    Participant
    #330860

    D’oh! I thought it was available on Pro but with less features, that might be new to 8.1 or 10 though.

    What AV do you use? Some of them have appblocking capability, I know Sophos does.

    Blood
    Blood
    Moderator
    #337090
    cruachan;n505236 wrote:

    What AV do you use? Some of them have appblocking capability, I know Sophos does.

    Thanks.

    Yes – we use Sophos, but it only works on known executables. It’s whitelisting only works one way. They do have a server version, but nothing for clients as far as I am aware, although one of the guys I buy our bulk software purchases from is looking into this.


    cruachan
    Participant
    #330862

    That’s pretty poor, you can only block applications you already know about.

    Out of ideas then I’m afraid, the products I’ve used (Lumension Sanctuary, AppSense) aren’t likely to be in the price range for a charity unless they do some very favourable licensing. The only other option I know of is GPOs and MD5 hashing, but AFAIK it’s the same as the Sophos option, you can only block apps if you know their MD5 hash rather than only allowing apps you choose. It was meant for blocking things like AIM or MSN Messenger back in the Server 2003 days. Upgrading all your clients to Enterprise might be the cheapest option, from what I remember Microsoft’s charity licensing prices are quite favourable. That’s assuming you aren’t already licensed for it, one charity in my experience had Enterprise licences in VLSC but for reasons best known to themselves were running Pro on all clients!

    Blood
    Blood
    Moderator
    #337091

    Thanks. To be fair to Sophos, the component is called Application Control, and not whitelisting.

    However, you may helped me with the suggestion to upgrade to Enterprise. I’m on leave until next week so will have a proper look at that option when I return. It may be the cheapest way to deal with this.

    Thanks again.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.