mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-13 22:54:53 +03:00
mukul975
81 lines
2.7 KiB
Markdown
81 lines
2.7 KiB
Markdown
# AppLocker Application Whitelisting Template
|
|
|
|
## Policy Information
|
|
|
|
| Field | Value |
|
|
|-------|-------|
|
|
| Policy Name | |
|
|
| Target OS | Windows 10/11 Enterprise |
|
|
| Profile | Workstation / Server / Kiosk |
|
|
| Enforcement Mode | Audit Only / Enforce |
|
|
| GPO Name | |
|
|
| Target OU | |
|
|
| Last Updated | |
|
|
|
|
## Approved Application Inventory
|
|
|
|
| Application | Publisher | Version | Rule Type | Justification |
|
|
|------------|----------|---------|-----------|---------------|
|
|
| Microsoft Office | Microsoft Corporation | 365 | Publisher | Business productivity |
|
|
| Google Chrome | Google LLC | * | Publisher | Approved browser |
|
|
| Adobe Acrobat | Adobe Inc. | * | Publisher | PDF processing |
|
|
| | | | | |
|
|
|
|
## Rule Collection Configuration
|
|
|
|
### Executable Rules (EXE, COM)
|
|
|
|
| Rule Name | Type | Action | Scope | Conditions |
|
|
|-----------|------|--------|-------|------------|
|
|
| Default - Windows | Path | Allow | Everyone | %WINDIR%\* |
|
|
| Default - Program Files | Path | Allow | Everyone | %PROGRAMFILES%\* |
|
|
| Deny - LOLBins | Path | Deny | Standard Users | mshta.exe, wscript.exe, etc. |
|
|
| | | | | |
|
|
|
|
### Script Rules (PS1, BAT, CMD, VBS, JS)
|
|
|
|
| Rule Name | Type | Action | Scope | Conditions |
|
|
|-----------|------|--------|-------|------------|
|
|
| Default - Windows scripts | Path | Allow | Everyone | %WINDIR%\* |
|
|
| Default - Program Files scripts | Path | Allow | Everyone | %PROGRAMFILES%\* |
|
|
| Deny - User profile scripts | Path | Deny | Standard Users | %USERPROFILE%\* |
|
|
| | | | | |
|
|
|
|
### Windows Installer Rules (MSI, MSP, MST)
|
|
|
|
| Rule Name | Type | Action | Scope | Conditions |
|
|
|-----------|------|--------|-------|------------|
|
|
| Default - Signed MSI | Publisher | Allow | Everyone | All signed installers |
|
|
| | | | | |
|
|
|
|
## LOLBin Deny List
|
|
|
|
| Binary | Path | ATT&CK Technique | Risk |
|
|
|--------|------|------------------|------|
|
|
| mshta.exe | %SYSTEM32% | T1218.005 | HTA execution for code delivery |
|
|
| wscript.exe | %SYSTEM32% | T1059.005 | VBScript execution |
|
|
| cscript.exe | %SYSTEM32% | T1059.005 | Command-line scripting |
|
|
| regsvr32.exe | %SYSTEM32% | T1218.010 | COM scriptlet execution |
|
|
| certutil.exe | %SYSTEM32% | T1140 | File download and decode |
|
|
| msbuild.exe | .NET Framework | T1127.001 | Inline task execution |
|
|
|
|
## Audit Results Tracking
|
|
|
|
| Audit Period | Blocked Events | Legitimate Blocks | Rules Added | Remaining Issues |
|
|
|-------------|---------------|-------------------|-------------|-----------------|
|
|
| | | | | |
|
|
|
|
## Exception Register
|
|
|
|
| Application | Reason for Exception | Compensating Control | Approved By | Review Date |
|
|
|------------|---------------------|---------------------|-------------|-------------|
|
|
| | | | | |
|
|
|
|
## Sign-Off
|
|
|
|
| Role | Name | Date |
|
|
|------|------|------|
|
|
| Security Engineer | | |
|
|
| IT Operations Lead | | |
|
|
| Change Manager | | |
|