My last blog post on this platform

The content on Microsoft’s MSDN and TechNet blog platforms will soon become read-only. So, this is my last post here, but not my last post anywhere — here are my forwarding addresses: My future posts about “AaronLocker,” Sysinternals, non-admin tools, and any other topics I have covered or will someday get into will be on…


“AaronLocker” big perf and feature updates (17 June 2019)

(On the 15th anniversary of my first blog posts…) Performance improvements in the “AaronLocker” scripts, especially in Get-AppLockerEvents.ps1. And: Get-AppLockerEvents.ps1 … Now retrieves Packaged App events; -EventLogNames parameter supports retrieving from named event logs, to support the use case when forwarded events are saved in event logs other than “ForwardedEvents”; Removed all the field-omission switches…


“AaronLocker” updates (22 May 2019)

Always handles Portable Executable files even with non-standard extensions such as .tmp and determines whether it’s an EXE or DLL. (Ignores files with extensions that should never be PE files such as .txt). Ignores .js files by default; switches on scripts enable overriding to build rules for .js. (AppLocker enforced on .js files only through…


“AaronLocker” updates (13 May 2019)

Hot on the heels of yesterday’s changes, “AaronLocker” now handles EXE and DLL files with non-standard extensions. Scan a directory with, say, “*.pyd” files or “*.api” files or any other non-standard extension, and the “AaronLocker” scripts now identify them, distinguish whether they are Win32 EXE or DLL rules, and build rules to cover them. Reminders of “AaronLocker”…


“AaronLocker” updates (12 May 2019)

Just committed some changes to the “AaronLocker” repo on GitHub and its documentation. Changes include: Rule-generation for files in unsafe paths: always used to create one publisher or hash rule for each file in the directory hierarchy. New granularity options enable rules tied only to publisher name or publisher+product name instead of one-rule-per-file. Can dramatically reduce the…


“AaronLocker” videos on YouTube

7 minute “Intro to ‘AaronLocker’,” a set of PowerShell scripts that automate AppLocker-related tasks to achieve robust, practical, customizable, and maintainable application whitelisting for Windows. https://youtu.be/nQyODwPR5qo

13 minute “AaronLocker Quick Start:” how to build, customize, and deploy robust and practical AppLocker rules quickly using AaronLocker. https://youtu.be/E-IrqFtJOKU


“AaronLocker” moved to GitHub

“AaronLocker” is a robust, practical, and free PowerShell-based application whitelisting solution for Windows, built on Windows AppLocker. Earlier posts with description here and here. Rather than continuing to attach zip files to blog posts, I have moved the “AaronLocker” materials, including scripts and documentation, to GitHub: https://github.com/Microsoft/AaronLocker. Among other things, this will make it easier to…