implementing-application-whitelisting-with-applocker

Featured

Implements application whitelisting using Windows AppLocker to restrict unauthorized software execution on endpoints, reducing attack surface from malware, unauthorized tools, and shadow IT. Use when enforcing application control policies, meeting compliance requirements for software restriction, or preventing execution of unsigned or untrusted binaries. Activates for requests involving AppLocker, application whitelisting, software restriction, or executable control.

Category: AI & Automation · 13,115 stars · 1533 forks · Updated today · Apache-2.0


Quality Score: 99/100

| Component     | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 100   |
| Recency       | 20%    | 100   |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 100   |
| Issue Health  | 10%    | 50    |
| License       | 10%    | 100   |
| Description   | 5%     | 100   |

Skill Content

# Implementing Application Whitelisting with AppLocker

## When to Use

Use this skill when:

- Implementing application control to prevent unauthorized software execution on Windows endpoints
- Meeting compliance requirements (PCI DSS 6.4.3, NIST 800-53 CM-7(5) Authorized Software / Allow-by-Exception, ACSC Essential Eight application control)
- Blocking common attack vectors: living-off-the-land binaries (LOLBins), script-based attacks, unauthorized admin tools
- Restricting software installation in kiosk, POS, or high-security environments

**Do not use** this skill for macOS/Linux application control (use OS-native tools like Gatekeeper or AppArmor) or for enterprise-grade WDAC (Windows Defender Application Control) deployments.

Two caveats a practitioner should keep in mind before relying on AppLocker:

- AppLocker is a defense-in-depth control, not a serviced security boundary; a number of signed Microsoft binaries can be coerced into running arbitrary code, so pair an allow policy with deny rules for LOLBins your users do not need, and use WDAC where a boundary is required.
- The built-in default rules allow everything under `%WINDIR%` and `%PROGRAMFILES%`, and some subdirectories there are writable by standard users. Never rely on path rules alone for those locations; prefer publisher rules for signed software and hash rules for the rest, and audit user-writable directories before deploying any path rule.

## Prerequisites

- Windows 10/11 Enterprise or Education, or Windows Server 2016+
- Application Identity service (AppIDSvc) set to start automatically and running on target endpoints; AppLocker rules are not evaluated at all while the service is stopped
- Active Directory with Group Policy Management Console (GPMC)
- Complete application inventory of approved software
- Test OU with representative endpoints for policy validation

## Workflow

### Step 1: Inventory Approved Applications

Before creating AppLocker rules, catalog all legitimate software. `Get-AppLockerFileInformation` records each file's publisher (if signed) and hash, which is exactly what the rule generator needs later:

```powershell
# Generate application inventory on reference endpoint
Get-AppLockerFileInformation -Directory "C:\Program Files" -Recurse `
    -FileType Exe | Export-Csv "C:\AppLocker\app_inventory_progfiles.csv" -NoTypeInformation
Get-AppLockerFileInformation -Directory "C:\Program Files (x86)" -Recurse `
    -FileType Exe | Export-Csv "C:\AppLocker\app_inventory...
```
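The skill content shown on this page stops after the inventory step. The script below is an added example, not the skill's own code, that carries that inventory through rule generation, audit-only enforcement, a dry run, a local soak deployment and audit-log review, and also checks the default-rule roots for user-writable directories. It uses only cmdlets from the AppLocker module; the `C:\AppLocker` working directory comes from the page, while the function names, the probe paths (`C:\Tools\unsigned-tool.exe` is a hypothetical unsigned binary you should replace with one from your test host) and the `LDAP://...` placeholder are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: build and validate an audit-mode AppLocker EXE policy from the Step 1 inventory.
Import-Module AppLocker

$WorkDir = 'C:\AppLocker'                                    # working directory used on the page
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Rules are only evaluated while the Application Identity service runs. sc.exe is used because
# Set-Service is refused for this protected service on recent Windows 10/11 builds.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

function New-AuditAppLockerPolicy {
    # Hypothetical helper: publisher rules for signed binaries, hash rules for the rest,
    # every rule collection forced to AuditOnly so the soak test logs instead of blocks.
    param(
        [string[]]$Directory = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
        [Parameter(Mandatory)][string]$OutFile
    )
    $files = foreach ($dir in ($Directory | Where-Object { $_ })) {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
    }
    # -Optimize folds per-file rules into one rule per publisher/product where possible;
    # -IgnoreMissingFileInformation skips files that yield neither a signature nor a hash.
    $xml = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
        -User Everyone -Optimize -IgnoreMissingFileInformation -Xml
    [xml]$policy = $xml
    foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
        $collection.EnforcementMode = 'AuditOnly'            # event 8003 instead of a block
    }
    $policy.Save($OutFile)
    return $OutFile
}

function Find-UserWritableDirectory {
    # Hypothetical helper: directories under the default-rule roots where a standard user can
    # create files. A path allow rule covering any of these hands that user code execution.
    param([string[]]$Root = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}))
    $lowPrivileged = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                       'Everyone', 'NT AUTHORITY\INTERACTIVE')
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData'
    foreach ($root in ($Root | Where-Object { $_ })) {
        Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            try { $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop } catch { return }
            $hit = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $lowPrivileged -contains $_.IdentityReference.Value -and
                (([int]$_.FileSystemRights) -band $writeMask) -ne 0
            }
            if ($hit) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Principal = (@($hit.IdentityReference.Value) | Select-Object -Unique) -join ', '
                }
            }
        }
    }
}

$PolicyFile = New-AuditAppLockerPolicy -OutFile (Join-Path $WorkDir 'exe-audit.xml')

# Dry run against the policy file. Probe paths must exist on the test host; the inventoried
# browser should be Allowed, the non-inventoried unsigned tool (assumed path) Denied.
$probe = @("$env:ProgramFiles\Internet Explorer\iexplore.exe", 'C:\Tools\unsigned-tool.exe') |
    Where-Object { Test-Path -LiteralPath $_ }
Test-AppLockerPolicy -XmlPolicy $PolicyFile -Path $probe -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Directories where a default-style path rule would let a standard user run arbitrary code.
Find-UserWritableDirectory | Format-Table -AutoSize

# Local soak deployment (-Merge keeps rules already present). For a GPO, replace this with
# Set-AppLockerPolicy -XmlPolicy $PolicyFile -Ldap 'LDAP://...' using the GPO's distinguished name.
Set-AppLockerPolicy -XmlPolicy $PolicyFile -Merge

# After the soak period: everything that would have been blocked, grouped by file.
Get-AppLockerFileInformation -EventLog -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' `
    -EventType Audited -Statistics | Format-Table -AutoSize
```

Run it on a reference endpoint in the test OU, review the audited entries and the writable-directory list, add explicit allow or deny rules for what they surface, and only then switch the collections from `AuditOnly` to `Enabled`. Do not switch modes while the audit log still lists software your users legitimately run.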

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category. All five come from the same repository (mukul975, 13,115 stars, updated today).

- implementing-anti-ransomware-group-policy (AI & Automation, Featured): Configures Windows Group Policy Objects (GPO) to prevent ransomware execution and limit its spread. Implements AppLocker rules, Software Restriction Policies, Controlled Folder Access, attack surface reduction rules, and network protection settings. Activates for requests involving Windows GPO hardening against ransomware, AppLocker configuration, Controlled Folder Access setup, or endpoint protection via Group Policy.
- implementing-disk-encryption-with-bitlocker (AI & Automation, Featured): Implements full disk encryption using Microsoft BitLocker on Windows endpoints to protect data at rest from unauthorized access in case of device loss or theft. Use when deploying encryption for compliance requirements, securing mobile workstations, or implementing data protection controls across the enterprise. Activates for requests involving BitLocker encryption, disk encryption, TPM configuration, or data-at-rest protection.
- configuring-windows-defender-advanced-settings (AI & Automation, Featured): Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction rules, controlled folder access, network protection, and exploit protection. Use when hardening Windows endpoints beyond default Defender settings, deploying enterprise-grade endpoint protection, or meeting compliance requirements for advanced malware defense. Activates for requests involving Windows Defender configuration, ASR rules, MDE tuning, or Microsoft endpoint security.
- implementing-privileged-access-workstation (AI & Automation, Solid): Design and implement Privileged Access Workstations (PAWs) with device hardening, just-in-time access, and integration with CyberArk or BeyondTrust for secure administrative operations.
- implementing-usb-device-control-policy (AI & Automation, Featured): Implements USB device control policies to restrict unauthorized removable media access on endpoints, preventing data exfiltration and malware introduction via USB devices. Use when deploying device control via Group Policy, Intune, or EDR platforms to enforce USB restrictions. Activates for requests involving USB control, removable media policy, device control, or data loss prevention via USB.