It isn’t that bright and shiny of a feature to get a lot of attention.Hardly ever talked about at Microsoft Events.
Here are some of my guesses why it isn’t used as much. Why is this the least deployed Security Policy? Windows Defender Application Control (WDAC).Now there are two main ways you can do application restriction and control with Microsoft right now.
Using Application Control\Allowlisting is a key component of any Windows security strategy. Defense in depth is a basic security strategy to use solutions in a layered methodology to attempt to secure the gaps between the solutions and provide an overall more secure deployment. When execution is unrestricted and phishing email is sent with a malicious executable your only hope is your AV solution to know it is bad and block it. Without an application execution restriction system then you are at risk for sure even with an Antivirus solution deployed too. With the release of Windows XP release in 2001 is when Software Restriction Policies first arrived and then renamed to AppLocker when Windows 7 was released. It is a very powerful way of doing things, but it is also the least deployed feature from what I have seen in all the PC and VDI deployments I have worked with over the past 19 years too. Application Control or Restriction policies are a very powerful security control solution.
0 kommentar(er)
