“AaronLocker” updates (13 May 2019)

Hot on the heels of yesterday's changes, "AaronLocker" now handles EXE and DLL files with non-standard extensions. Scan a directory with, say, "*.pyd" files or "*.api" files or any other non-standard extension, the "AaronLocker" scripts now identify them, distinguish whether they are Win32 EXE or DLL rules, and builds rules to cover them.

Reminders of "AaronLocker" resources:

7 minute "Intro to 'AaronLocker:'"

13 minute "AaronLocker Quick Start" - how to build, customize, and deploy robust and practical AppLocker rules quickly using AaronLocker:

All scripts and full documentation on GitHub:

Blog posts:

Comments (1)
  1. This is some great stuff Aaron, thank you. In regards to the Intel batch file issue with the older video driver, what would you recommend for a short term solution for enterprises to deal with that while planning for a rollout of the newer video driver that addresses that problem?

    [Aaron Margosis] There’s no good way to allow those batch files to run. However, I’ve never noticed any problems when they’ve been blocked.

Comments are closed.

Skip to main content