Windows 7 Enterprise AppLocker Publishing Rule not Working

  • Question

  • Hi,

    I set up the Default AppLocker Allow Rules for Executables, Windows Installer, Script Rules and no DLL Rules are configured. I then want to create a Publisher Rule for an executable that is running on the network. To be able to create the rule I have to copy the executable to the local system and then create the rule. No problems here.

    Problem is that after creating the rule it does not work because the user is not allowed to start the program. It is still blocked by AppLocker. The executable is properly signed by a valid code signing certificate, and using * to make the rule "easier" does not help.

    Is it possible to create publisher rules for network executables? Do I miss something or overlook something?

    If you need more information I'm glad to give it.

    I hope somebody can help me.

    Thank you.

    DJITS.

    P.S. Path and File Hash rules for the same application do work.

    Monday, November 7, 2011 1:59 PM

Answers

  • Hi DJITS,

    AppLocker rules are applied regardless of where the executable file is located, such as on a network, on a USB drive, or in a mail attachment.

    How about other applications? I suggest you test this on other applications. It seems like a Publisher-related issue, because a Publisher rule identifies an application based on its digital signature and extended attributes.

    Regards,

    Miya

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tnmff@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Edited by Miya Yao Tuesday, November 8, 2011 7:19 AM
    • Marked as answer by Miya Yao Tuesday, November 15, 2011 5:34 AM
    Tuesday, November 8, 2011 7:18 AM
  • Hi Miya,

    Thank you for the tip. I put a test application in the same location and created a new publisher rule and it works. I then compared the two code signing certificates and found that the one not working has on the advanced tab (right click the executable -> Digital Signatures tab -> Details -> Advanced) an MD5 digest algorithm and uses 1024-bit encryption. The one that is working uses SHA1 and 2048-bit encryption.

    Any ideas?

    Thank you.

    DJITS.

    • Proposed as answer by Miya Yao Thursday, November 10, 2011 6:55 AM
    • Marked as answer by Miya Yao Tuesday, November 15, 2011 5:34 AM
    Tuesday, November 8, 2011 10:05 AM
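    An added example (not from this thread or from Microsoft) showing how to check the two things discussed above from PowerShell on the Windows 7 client: the signer certificate's algorithm and key size, the publisher fields AppLocker extracts from the file, and what the effective policy decides for the blocked user. The executable path and user name are placeholders.

    ```powershell
    # Added example, not part of the original thread. Run in Windows PowerShell
    # on the client that enforces the policy (the AppLocker module is built in).
    $Exe  = 'C:\Temp\CopyOfNetworkApp.exe'   # placeholder: local copy of the network executable
    $User = 'CONTOSO\blockeduser'            # placeholder: account that cannot start the program

    # 1. Signature status and the signer certificate. SignatureAlgorithm is the
    #    algorithm the CA used to sign the certificate; KeySize is the RSA key length
    #    (the "1024-bit" vs "2048-bit" value seen in the certificate dialog).
    $sig = Get-AuthenticodeSignature -FilePath $Exe
    "Signature status      : $($sig.Status)"
    if ($sig.SignerCertificate) {
        $cert = $sig.SignerCertificate
        "Subject               : $($cert.Subject)"
        "Cert signature algo   : $($cert.SignatureAlgorithm.FriendlyName)"   # e.g. md5RSA / sha1RSA
        "Public key size (bits): $($cert.PublicKey.Key.KeySize)"             # e.g. 1024 / 2048
        "Valid until           : $($cert.NotAfter)"
    }

    # 2. The publisher, product, binary name and version AppLocker would place in a
    #    publisher rule for this file. If this is empty, AppLocker could not read a
    #    usable signature and a publisher rule can never match.
    Get-AppLockerFileInformation -Path $Exe | Select-Object -ExpandProperty Publisher

    # 3. Evaluate the file against the effective (local + domain) policy as that user.
    #    PolicyDecision shows Allowed/Denied and MatchingRule names the rule that fired,
    #    which makes it easy to see whether the publisher rule or the hash rule matched.
    Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $Exe -User $User |
        Format-List FilePath, PolicyDecision, MatchingRule
    ```

    Comparing the output for the working and non-working executables side by side shows directly which of the certificate properties differs and whether AppLocker extracts any publisher information at all from the failing file.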

All replies

  • Hi DJITS,

    Glad to hear the issue is narrowed down.

    I suggest you create the hash rule for this specific application.

    Regards,

    Miya

    Thursday, November 10, 2011 6:55 AM
  • As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as "Answered" as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up.

    Thanks for your understanding and cooperation!

    Regards,

    Miya

    Tuesday, November 15, 2011 5:34 AM