“AaronLocker” updates (22 May 2019)

Always handles Portable Executable files even with non-standard extensions such as .tmp and determines whether it’s an EXE or DLL. (Ignores files with extensions that should never be PE files such as .txt). Ignores .js files by default; switches on scripts enable overriding to build rules for .js. (AppLocker enforced on .js files only through…


“AaronLocker” updates (13 May 2019)

Hot on the heels of yesterday’s changes, “AaronLocker” now handles EXE and DLL files with non-standard extensions. Scan a directory with, say, “*.pyd” files or “*.api” files or any other non-standard extension, and the “AaronLocker” scripts now identify them, distinguish whether they are Win32 EXE or DLL rules, and build rules to cover them. Reminders of “AaronLocker”…


“AaronLocker” updates (12 May 2019)

Just committed some changes to the “AaronLocker” repo on GitHub and its documentation. Changes include: Rule-generation for files in unsafe paths: always used to create one publisher or hash rule for each file in the directory hierarchy. New granularity options enable rules tied only to publisher name or publisher+product name instead of one-rule-per-file. Can dramatically reduce the…


“AaronLocker” videos on YouTube

7 minute “Intro to ‘AaronLocker’,” a set of PowerShell scripts that automate AppLocker-related tasks to achieve robust, practical, customizable, and maintainable application whitelisting for Windows. https://youtu.be/nQyODwPR5qo

13 minute “AaronLocker Quick Start:” how to build, customize, and deploy robust and practical AppLocker rules quickly using AaronLocker. https://youtu.be/E-IrqFtJOKU


“AaronLocker” moved to GitHub

“AaronLocker” is a robust, practical, and free PowerShell-based application whitelisting solution for Windows, built on Windows AppLocker. Earlier posts with description here and here. Rather than continuing to attach zip files to blog posts, I have moved the “AaronLocker” materials, including scripts and documentation, to GitHub: https://github.com/Microsoft/AaronLocker. Among other things, this will make it easier to…


“AaronLocker” update (v0.91) — and see “AaronLocker” in action on Channel 9!

“AaronLocker” is a robust, practical, PowerShell-based application whitelisting solution for Windows. See it in action in this new Defrag Tools episode on Channel 9! [Update 28 January 2019: content moved to GitHub] This update to the original 0.9 release includes these improvements: Documentation updates, particularly in the area of Group Policy control; Blocks execution from…


ANNOUNCING: Application whitelisting with “AaronLocker”

[Update 11 Oct 2018: “AaronLocker” v0.91 released] Announcing the pre-release (v0.9) of “AaronLocker:” robust and practical application whitelisting for Windows. AaronLocker is designed to make the creation and maintenance of robust, strict, AppLocker-based whitelisting rules as easy and practical as possible. The entire solution involves a small number of PowerShell scripts. You can easily customize…


The Case of the Reverting Office Theme (resolved with a long-running Procmon trace)

Several times a day, all my Office apps kept reverting to the default “Colorful” theme, even though I had set it to the “White” theme. I prefer the “White” theme because I customize the Quick Access Toolbar in my Office apps with extra icons. Those icons have colors, and the oddly-misnamed “Colorful” theme renders them…


Troubleshooting with the Windows Sysinternals Tools – now available!

Over three years ago, I announced that Mark Russinovich and I had signed a contract with Microsoft Press to write the Second Edition of the Windows Sysinternals Administrator’s Reference. I figured it would take a year to finish it. I underestimated. 🙂 But Mark and I are happy that we can finally tell you that Troubleshooting with the…


LUA Buglight 2.3, with support for Windows 8.1 and Windows 10

LUA Buglight is a utility for identifying admin-permissions issues (a.k.a., “LUA bugs”) in desktop applications. That is, it identifies the specific reasons that a particular application works only when run with administrative rights. Version 2.3 is attached to this blog post and adds support for Windows 8.1, Windows Server 2012 R2, and Windows 10. It has…