I knew the video would be longer than average but not this long 😩 📝Notes: • Also I figured this went without saying, but obviously if you download something malicious and add a rule to allow it, you will be infected. You still must ALWAYS be vigilant. And you should still also use an Antivirus, it’s not a replacement for that. • To get AppLocker policies to actually work, you might have to enable the "Application Identity" service and set it to start automatically if it isn't already. This requires a special command because it is a protect process (as opposed to just opening the services menu). To do this, run the command in command prompt as admin: sc.exe config appidsvc start= auto • Turns out you CAN actually add the Group Policy settings for PowerShell core without having to install PowerShell Core. I've added instructions to the ReadMe file in the resource pack in the description, but basically you download the latest zip release from Microsoft's PowerShell GitHub, and copy the files "PowerShellCoreExecutionPolicy.admx" and "PowerShellCoreExecutionPolicy.adml" into the directories "C:\Windows\PolicyDefinitions" and "C:\Windows\PolicyDefinitions\en-US" respectively.
@faelixy5
Жыл бұрын
it’s 52 minutes but ok-
@_SJ
Жыл бұрын
Looooonnngggg 😊
@ethimself5064
Жыл бұрын
🤣🤣
@CosmicCitiZenOfficial
Жыл бұрын
You made a Documentary....😄👏
@pyp2205
Жыл бұрын
Woah, I didn't realize how long this video is until I saw this comment.
@nikolamilasevic2176
Жыл бұрын
I don't know why everybody is emphasizing the duration of this video - for me - it was like watching a super interesting, informative and well-written documentary - the time just flew buy! Excellent work, thank you so much for your effort! Greetings from Croatia :)
@-_lIl_-
Жыл бұрын
is it just me or did this 52 minute tutorial feel like a 10 minute tutorial? "Good tutorials feel like they took a fraction of the actual time it took to complete it. Bad tutorials are the same, except the reason is because of leaving early due to how bad it is instead of being due to how good it is."
@GamerTheMK
4 ай бұрын
Same !
@trivalentclan
15 күн бұрын
Usually I have to slow down his videos to follow along that is after watching the whole video to get an overall understanding. It would take much longer to research all this and understand documentation. In other words I prefer that he uses as much time that is needed to completely explain.
@aaaaaaaaaaaaaaaaaaaaaaa935
Жыл бұрын
let's appreciate how much effort this guy spent to help us virus-proof our computers
@yashprogamer647
Жыл бұрын
Yes
@ppanigrahi
Жыл бұрын
Fully Agree
@gabe_0x
Жыл бұрын
As useful as these tools are, the single best anti-virus you can have is your own common sense.
@OGuiBlindao
Жыл бұрын
@@gabe_0xNot when a trusted program randomly downloads malware to your pc
@Splarkszter
5 ай бұрын
@@gabe_0x Everyone knows that but the human factor will ALWAYS fail. Social Engineering is too powerful because they exploit people in all ways imaginable. Hardening our systems will help as an early warning system, and if you actually put attention to the video, AppLocker is the single best tool ever for this kind of thing. Now i wish to know a HID whitelist system.
@M0VIE
Жыл бұрын
The hero we didn't know we deserved
@ziphhy
Жыл бұрын
He used to be the villain, happy he has become the hero.
@random_person618
Жыл бұрын
@@ziphhyMe too.
@chipproductions1510
Жыл бұрын
Who says we deserve him?
@alphainfinityX
Жыл бұрын
NGL I use to love the villain side of him back in the day
@SamuelViagus
Жыл бұрын
Yes
@hoffer_moment
Жыл бұрын
Here's what I did for my grandma's PC, very simple: - Require my own password for Administrative privileges so she can't do that - Set up a single browser so she has no access to other browsers, with downloads always dropping into the Downloads folder - Wrote a script to instantly delete any executables that enter the Downloads folder My beloved virus addict is now sober :)
@FladeTV
Жыл бұрын
Hey ThioJoe! I appreciate you making this more detailed and longer! 🎉
@craz7644
Жыл бұрын
Congrats on 3M subscribers! Well deserved!
@DavidKing
Жыл бұрын
This is amazing, thanks so much for taking the time and putting so much effort into this. You're a legend!
@homerw0rld
Жыл бұрын
one of the best tutorials for applocker, even one of the most in-depth well explained tutorial in general
@yashprogamer647
Жыл бұрын
I know
@Mikesco3
11 ай бұрын
You know @ThioJoe has a gift for teaching and explaining when the whole 50 minute video felt like 10 and you remember fairly well most of the process! Totally appreciate this video.
@Galactum
Жыл бұрын
I swear this video is so informative and useful it’s something you could probably charge for and make thousands off of but you were nice enough to give it to everyone for free, what a guy
@nicholashoi3155
Жыл бұрын
Best 50 minute of my time, thanks a lot TJ, definitely learned a lot.
@GianniLeonhart
Жыл бұрын
I have no intention to do any of this myself but I watched it all You made it very engaging and informative, I didn't noticed the length until it was almost done I wont mind more "complex" tutorials like this on in the future
@MRCREEPRO11
11 ай бұрын
that's why you blush the whole time
@orangecat2287
Жыл бұрын
We've been waiting! Thank you Thio!! 🎉🎉🎉
@liammullen3284
9 ай бұрын
Thank you for think of us and sharing this knowledge! You are the BEST!! I made the changes on my PC and hopefully the random file explorer windows opening will stop.
@schapman167
7 ай бұрын
@thiojoe, this was one of the best mapped out videos covering a relatively complex topic and one with lots of settings. We are implementing this, and your video has been shared to the team as the best tutorial about it.
@_SJ
Жыл бұрын
I think this is your second longest video. Nothing beats that 2 hour one
@pinoconte
6 ай бұрын
Hi ThioJoe, I just wanted to say thank you, although I'll never do any of what you've shown here. Just not Tech savvy enough.I do realize how much time you have spent on video. Thanks
@_SJ
Жыл бұрын
52 minute ThioJoe video? Yes please! 🙂
@froggygaming84
Жыл бұрын
yes
@_SJ
Жыл бұрын
@doubleWmemesYes, a few hours ago
@faelixy5
Жыл бұрын
wait what it’s published since 3 minutes but it says you posted this comment 12 hours ago
@CanDoesGames
Жыл бұрын
@@_SJ how did you even watch it before it was posted
@fundominant
Жыл бұрын
paid member @@CanDoesGames
@prince_julius
Жыл бұрын
This is one of those videos that I've saved up to watch, as you were asking in a recent poll. Thanks for the detailed explanation!
@cheplays2482
Жыл бұрын
"Comprehensive tutorial" is an understatement!
@peternrdstrm
Жыл бұрын
I'm really fascinated by this *type* of security. Antiviruses don't exite me, but this idea of reducing attack surface and plugging security holes is suuper amazing to me. I'd love to see more similar stuff
@Lofote
Жыл бұрын
Yes, whitelisting is so muc more powerful than blacklisting, in fact antivirus solutions are not able to defeat the 100.000 of new attacks nowadays. Plus it doesnt slow the machine down anymore like AV solutions :)
@andljoy
Жыл бұрын
Top tip if you are ever applying AppLocker policy in an AD domain NEVER and i mean NEVER edit a live policy always export the rules edit them locally and then re import. If something goes wrong ( and it can ) you can corrupt the policy and brick machines. I learned that the hard way, bricked about 20 machines . The best way to fix this is to switch to editing rules via configuration manager.
@Lofote
Жыл бұрын
With admin rights you can unbrick the machines, in the last instance you can boot from windows cd, shift f10, regedit, mount the local registry hives and remove the applocker rules :)
@Lofote
Жыл бұрын
Oh and to prevent this happening: allow wverything for admins, like the default templats suggests. I mean admins can do whatever they want anyway, effectively delete rules, thats why there is little sense in deleting the admincandoall rule :)
@S-axle
Жыл бұрын
Awesome video ThioJoe! Structured well like a course. 👍
@ionamygdalon2263
Жыл бұрын
Exactly what I was waiting for 🎉 Many, many thanks Thio ✌️
@Roc_ky
27 күн бұрын
Wow, this has played fully through! 😳 Was fixing a speaker bar while this played in the background 😅
@qazx-mp5rv
Жыл бұрын
THANK YOU SO MUCH! I've been waiting for a tutorial on how to set this up. Great video as always!
@friendlybutfire2556
Жыл бұрын
This might be the best video on your channel! I wanted to thank you for your effort doing this!
@glendubie
Жыл бұрын
Thank you for this very comprehensive tutorial, ThioJoe. It is much appreciated.
@Klusio19
Жыл бұрын
Holy moly this guy is insane! Take so much time and effort to make us safer
@aItaccount
Жыл бұрын
Thank you for putting so much time into this
@gunchag
11 ай бұрын
This video seems excalty what I was looking for. You saved me a lot of reading and studying time! Thank you very much!!!
@Manavetri
11 ай бұрын
This video structure is great and you explain it very well. Thanks for taking the time
@patrickarmstrong8908
Жыл бұрын
Another excellent how to video!! Many thanks. Had to enable “Application Identity” service to get AppLocker to work. However to get it to auto start.. Had to regedit and set its start to 2.
@TheStoff1975
Жыл бұрын
Awesome!! Unfortunately we wouldn't get rid of those pesky refund scammers with this but atleast we'd get away from ransomware and so on. Really great video, thanks!! Since I regularly reinstall my Windows I'm gonna have to delve deeper into how to transfer the settings to another computer, didn't know it was that easy!
@Sonic_X_Freddy_Lover001
Жыл бұрын
Thank you so much for this detailed guide. I was able to follow all of your instructions easily. I understood each and every step depicted in your video. By the way, I'm a big fan of your KZitem Channel. You make great videos. It's always a great time whenever I watch any of your videos. 😁
@rootdevelopment
Жыл бұрын
Love the content you have been putting out, really made me understand this underused feature!
@Gamer-ct6hb
Жыл бұрын
I can't get the system settings to launch. It's the exe rules that even when I allow path * and all signed it wont launch. It's really weird. It does mean that I can't use this though. Also event viewer is broke and can't get any AppLocker logs. This is Windows 11.
@tablettablete186
11 ай бұрын
Had the same exact problem. You have to add an allow rule to packaged apps (you just need to add MS provider). Unfortunately, I had to reinstall Windows after I locked myself (I actually tested on a VM first). Try WIN+R to bring a start program windows
@Gamer-ct6hb
11 ай бұрын
@@tablettablete186 That's... Broken behaviour. I had packaged apps on audit mode. Now that I added the rule (still in audit mode mind you) it works. Great to know that it's broken for some reason. Thank you!
@patricklechner1
Жыл бұрын
Can you do a comparison between Applocker and Windows Application Control? And how to set up WDAC?
@ThioJoe
Жыл бұрын
I’m not as familiar with WDAC, but I have dabbled with it. It is harder to set up but has some advantages over AppLocker. The biggest problem is there is no GUI for WDAC.
@patricklechner1
Жыл бұрын
@@ThioJoe isn't it set through a program where you can create a customized script that enforces what it runs?
@kennethhusayn9354
Жыл бұрын
@@patricklechner1 You can manage WDAC through either the ConfigCI suite of PowerShell cmdlets, or you can create WDAC policies with the WDAC Wizard (which is a project maintained by Microsoft.) Edit: Despite that, managing WDAC through both of those options is still a pain, and there is not yet a full-automation solution for WDAC on the market.
@kennethhusayn9354
Жыл бұрын
WDAC can control apps that run in Kernel mode as well as User mode. (AppLocker just deals in User mode.) Also, if you create a signed WDAC policy and put it in the UEFI partition, then it becomes much harder for a hacker--even with admin privileges--to remove (unless they can get ahold of the signing certificate.) WDAC does NOT control .BAT scripts. (There's other minor differences in the file types that they maintain.) WDAC is applied to the whole device regardless of the user account, but AppLocker allows you to vary rule enforcement based on different user accounts. The logs for WDAC events are located in the Event Viewer -> in Applications and Services logs > Microsoft > Windows > CodeIntegrity > Operational. HOWEVER, logs for WDAC enforcement events involving scripts and MSI files are still located in the "AppLocker" location described in this video.
@patricklechner1
Жыл бұрын
@kennethhusayn9354 thank you so much
@demodandy1
Жыл бұрын
Awsome Video😀
@KryzysX
Жыл бұрын
An hour video... thanks man!
@MasterChiefSpartan
Жыл бұрын
Just did it ! Enjoyed the entire video.
@Imran_FBD
8 ай бұрын
I appreciate the effort for this. Thank you Joe.
@jim9463
Жыл бұрын
Just what I was looking for! Great vid
@paulatreides9709
Жыл бұрын
best time spent on windows security, thank you for sharing!
@OGuiBlindao
Жыл бұрын
Thanks for the super paranoid virus guide, will be installing in my pc
@faelixy5
Жыл бұрын
I heard if you say your favorite youtuber 3 times you will get a hearted comment ThioJoe ThioJoe ThioJoe 👌
@liameyles1450
6 ай бұрын
thank you for this been wanting to know how this is set up
@666KoXz666
Жыл бұрын
Ok, I watched every second and did that all. Now Im affraid to restart pc :D
@boydfields
Жыл бұрын
Very informative. Great job! Much appreciated.
@nickdowse
Жыл бұрын
Thanks so much! Glad I was patient :)
@tazguy371
Жыл бұрын
Great section on allow and deny rules also 👍
@axq3837
Жыл бұрын
Well done, Thio! Another suggestion for a video would be about Azure Information Protection and DLP (Data Loss Prevention). What files are protected, what can be managed, tracking files on disk and in transit etc.
@satchguitar84
6 ай бұрын
Love this, suggestion/question for the import files you have (thanks btw), any reason you can't replace all of the WHATEVERUSERNAME placeholders with %USERNAME%
@AndrasBolgar
Жыл бұрын
I finished. Thank you for the great video and the detailed guide.
@protogen_1414
8 ай бұрын
If someone got trouble running a program, just take a look into event viewer to see which sub-program for example is getting blocked
@yashprogamer647
Жыл бұрын
One of my favorite youtubers
@6644guilherme
Жыл бұрын
May god bless you thio. Have a great day
@JosephReidNZ
Жыл бұрын
You're excellent, Joe! I would love to share with you my motivational presentation about my life with Cerebral Palsy, and how tech has enabled me to lead a normal life online.
@-_lIl_-
Жыл бұрын
I wasn't so paranoid until my avast antivirus was not protecting me, and the UI was bugged so i couldnt access it but in the ui it said that it was protecting me, but in the tray icon it said i wasnt. aa restart showed that my firewall was disabled and i IMMEDIATELY activated it and did a full virus scan. Now here I am, doing this regardless of the inconvenience of it. A few menu navigation clicks as an inconvenience is nothing compared to trying to remove dangerous malware from your computer and possibly spend hundreds to get it repaired if your not good with tech, and possibly even thousands if it cannot be removed and you have to buy a new pc. "Paranoia is not an inconvenience, it is your body's natural safeguard when it senses danger"
@CanDoesGames
Жыл бұрын
YO ALMOST ONE HOUR OF CONTENT???? I CANT WAIT
@DS-nu7kx
Жыл бұрын
Thanks for the long and detailed video, will be testing this out... I'm curious how this is implemented on a domain (as far as scripts go, what has priority.. still local machine?) Keep up the great work!
@chrisw.1090
Жыл бұрын
Wow, awesome work! This is very technical but also very thorough. One thing I found was my Application Identity service was not running for some reason. Even though I'm logged in as admin I could not set it to run automatically. But found a PS script that was able to set it. :) This whole process seems a little "quirky" though. The audit event log doesn't seem to work for me. But when I change it to Enforce, then the events start showing. Microsoft is also so "fun" to try to figure out. :D
@TechHowYT
Жыл бұрын
Do you mind sharing that PS script? I'm having the same issue. I can get it to run on Windows 11 Pro, but not Windows 10 Pro. Very strange...
@Whitemike63
Жыл бұрын
You are logged as root. You are a hackers perfect target man. Linux does it right only when you need root, install a program and punch password you get 15 mins of root running. This is very dangerous having it 24/.
@sandalwood4271
10 ай бұрын
@@Whitemike63 In Windows, it works a bit differently. As far as I can tell, most users have admin-level control of the system by default (without editing group policy settings, of course), which isn't too dangerous because admin accounts, despite the implications in the name, don't actually have full system access, like the Linux root account. In fact, it's supposed to be extremely difficult to scale a user's system-wide authority to root-level in the first place.
@yy928
Жыл бұрын
Thank you for your hard work. Much appreciated.
@eberkberk8256
23 күн бұрын
I see that you can allow only signed executables. But can you block executables signed sha1 only? Sha1 was broken awhile ago and is practically useless.
@UmVtCg
Жыл бұрын
Why create 2 MMC files when Event viewer and GPO AppLocker can be added in a single Console. From there just add some windows. I've got a console with a whole bunch of tools even some custom scripts that I can launch from the MMC.
@filipetrujeira3359
Жыл бұрын
Im really proud lol, I have made a Powershell script which I added to the context menu which allows me to on right clicking the file, instantly whitelisting it.
@suhaibanisansari
4 ай бұрын
Excellent!
@BASSNETIC-MUSIC
10 ай бұрын
Super helpful video! Thank you very much. One thing I noticed is that some malware use a Microsoft certificate that is used to encrypt. Is AppLocker smart enough to not fall for that? Edit: There is a right-click option to "Automatically generate" also. How well does that work and what does it do?
@jonathan1683
2 ай бұрын
I noticed there a tons of DLLs that are not signed show they will be blocked. I also noticed that regedit the file you are using as a sample is also not signed? Will this cause a problem?
@jonathan1683
2 ай бұрын
ever time I try to save the updated directory path for my username i get an error policy could not be saved error unspecified error violates pattern constraint
@FairwellNoob
Жыл бұрын
I have noticed an error at Creating a Shortcut to AppLocker at 3:43. The path you listed is correct, but you forgot to list "Windows Settings" after computer configuration in the red text box path
@judeleon8485
Жыл бұрын
Thanks ThioJoe for this great content. For me the length of the video is very OK, considering the content. However, following this tutorial is a challenge. It's difficult to know how you arrived at certain point by the clicks of the mouse due to the speed and rate of zooming in and out. The movement of the mouse pointer on the screen is almost at the "speed of light". Maybe it's just me seeing it that way
@ThioJoe
Жыл бұрын
Yea I realized afterwards I wasn’t really explaining everything I was doing so I tried to add on-screen explanations at some point. Some parts might be helped by putting the video on 0.5x speed
@KurszakGruby
11 ай бұрын
Great job, thanks!
@terriblegamer6975
3 ай бұрын
Also when checking event viewer events in these custom views that just happened disappear even though other older events in other logs are still there.
@Chewbucksa
Жыл бұрын
Super helpful. The only problem is my Event Viewer isn't showing the audit logs at all. It's as if nothing is run.
@terriblegamer6975
3 ай бұрын
Is an allow for executable installer or other installer for example make it so a uac prompt doesn't show up when it normally would if no applocker was configured
@winnerd6772
9 ай бұрын
Superb❤
@alleeadl289
Жыл бұрын
perfect video thanks a lot i didn't even know what this tool do even after using windows for 15 years already 🤣
@TheBoostedDoge
Жыл бұрын
Thank you for once again scratching my cybersecurity paranoia itch
@eggroll121
Жыл бұрын
I am not able to see app locker from the event viewer under custom view. You lost me at 6:35 in your video. Furthermore, I don't see the events under app locker in custom view. My events are found under administrative events.
@deepaknaik639
Ай бұрын
How to apply File hash rule to some applications through GPO to systems. Which is not installed on server
@N....
Жыл бұрын
Doesn't Steam set the permissions on some folders in its install directory to be modifiable without elevation? I imagine it would be difficult to configure rules properly to allow games to run but disallow malware from copying executables into the same directories as the games...
@futuza
Жыл бұрын
That's what the file hash exceptions are for. That said, very few malwares are going to try the trick of copying themselves into a game's directory to attempt to use that as a staging ground, so the possibility of that happening is pretty remote. Most malware authors are not going to be writing it to tailor to your specific security policies/install setup, but hitting broader targets and going for typically unprotected areas like the Windows directory or Program Files directory etc. since most malware is just trying to find as many vulnerable victims as possible and ignore hardened systems. It's certainly possible malware could be written to do that though. Real dangerous malware, like the kind the NSA or other state sponsored hacking organizations create, and not just script kiddie stuff, are going to use previously unknown zero-day vulnerabilities to get around security policies (such as the Windows AppLocker) rendering all of this useless against them. If you're being targeted specifically by the NSA though you're kinda just screwed at that point.
@Praxss
Жыл бұрын
Adding more application those can be use pro-actively: Simplewall or Portmaster Excellent firewall application
@royhuhmeah
Жыл бұрын
"Windows 10 Pro Watermark Edition" 😂😂😂
@FatDawlf
Жыл бұрын
Informative However, if the OS itself has no care for your data or privacy in the first place, whatever you'd do on top of it just makes your data more exclusive to Microsoft and the third parties they send your data to
@Alexus00712
Жыл бұрын
"28 second" old, never been this early for a TJ video before, and a very interesting and informative video too! =D
@yashprogamer647
Жыл бұрын
Did you watch it
@Proferk
Жыл бұрын
ago*
@Alexus00712
Жыл бұрын
@@yashprogamer647I have now, it was very interesting and informative
@klocugh12
Жыл бұрын
Gotta commend you on the effort!
@This_Appear
Жыл бұрын
Thank you so much!!!
@Biggus-tq2fp
3 ай бұрын
can they hack your "digital fingerprint" or URLs that can change your incoming and outgoing data? via router or dns.? and not have the device actually hacked? I'm going crazy with what they did to me and will not stop.
@grandasperj
Жыл бұрын
thiojoe : you can use windows watermak edition me : or you can use hwidgen 😎
@EvilDaveCanada
11 ай бұрын
Ever thought of putting some sort of filter in the system? If the cooling fluid is not under pressure then maybe a simple coffee filter could catch this stuff.
@Hubfootball90
Жыл бұрын
I have a problem in windows whenever I try to open icon it automatically opens the first icon besides this I can't scroll down it automatically scrolls up please help me this problem I have executed so many commands but can't get of it
@MiC-YT
Жыл бұрын
i going around powershell execution policies with the classic command prompt (cmd). can it restrict it, too? or it is still a legacy security problem, which cannot be regulated other than turning it off completely?
@imreloadin
Жыл бұрын
Who else remembers when ThioJoe used to just troll people with his videos?
@polinaasmr340
2 ай бұрын
no GROUP POLICY appeared from my end. then what to do next?
@joseph_tan01
Жыл бұрын
Hi! I think the toggle rule can change the path to %temp% instead of putting full path (C:\Users\Joe\Appdata\Local\Temp) on your rules.
@ThioJoe
Жыл бұрын
Normally you'd be right but AppLocker path rules actually have a limited set of variables that can be used, not all normal environment variables. See here: learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker
@GauravKumar-qe7iu
Жыл бұрын
Is it feasible to devise a script that establishes an 'allow' rule for executing a specific application, alongside another script to subsequently revoke this 'allow' rule? This would enable me to proactively enable and disable applock rules for a particular application, both prior to and following its execution. Additionally, I'm interested in maintaining a default state of denying the execution of all applications and scripts.???? I'm just curious 🧐.
@xaveforum4all0
Жыл бұрын
if anyone even doest see that this GPO settings wil working the Service "Application Identity" must be running else the rule changes doest take any effect it look like that it even take effect after using gpupdate /force
@Trinitrophenylmethylnitramines
Жыл бұрын
If i want only Google Chrome access the Chrome's cookie foler what rule should i make?
Пікірлер: 326