Application Whitelisting Procedure

Purpose

This document outlines the procedures for whitelisting applications on enrolled devices. The CAAS model follows a zero-trust approach using AppLocker policies: all applications are restricted on workstations unless explicitly allowed by application name and/or publisher signature.

Authorized Roles

Reminder: Always review the roles of OSC users to ensure they align with the Authorized Roles. No action should be taken without a request from or approval by a user assigned the appropriate authorized role.

  • Authorized Managers
  • Intune Administrator

Request Form Requirements

Requests can be made directly to support@nimbus-logic.us and should include all of the following information. This request must come from a member of the OSC’s Authorized Managers group.

App Information:

  • Application Name
  • Full Publisher Signature
  • File Hash (If Publisher Signature not available)

    Required information for application whitelisting

    This information can be gathered by taking the following steps:

    1. Run PowerShell with administrative privileges.
    2. Run the following command on each EXE, DLL or script file that needs to be added to the AppLocker whitelist by PUBLISHER:

      Get-AppLockerFileInformation -Path "C:\path\to\file\file.exe" | Export-Csv "C:\whitelist_info.csv" -Append -NoTypeInformation

      Alternatively, this command can be run on all files in a directory by using:

      Get-AppLockerFileInformation -Directory C:\Windows\system32\ -Recurse -FileType exe, script, dll | Export-Csv "C:\whitelist_info.csv" -Append -NoTypeInformation

      If you are whitelisting by FILE HASH, the source file length is also required, and the CSV export above does not include it. To get the file hash information, run:

      $appLockerFile = Get-AppLockerFileInformation -Directory "<folder containing the file>" | Where-Object Path -match "<filename>"

      $appLockerFile.Hash

      Provide the output of the $appLockerFile variable in the request.

    3. The information for every file/folder this command is run on is appended to C:\whitelist_info.csv. Once the Get-AppLockerFileInformation command has been run on all files, please send an email with the CSV file attached to support@nimbus-logic.us with the subject “AppLocker info for yourdomain.com”.

Procedure

Nimbus Logic admin to perform the following:

  • Format the AppLocker rule in the required XML format.
  • Append the AppLocker rule to the end of the EXE/DLL/Script policy.
  • Apply the AppLocker policy in Intune and deploy it.
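The following is an added example, not part of this procedure or of Nimbus Logic's tooling, that covers both the information-gathering steps above and the admin's first step: it records publisher and hash details for each file (keeping SourceFileLength, which the plain CSV export drops) and drafts the allow rules as AppLocker XML with New-AppLockerPolicy. The sample path in $Paths is a constructed placeholder, and Get-WhitelistInfo and $OutCsv are names chosen for this example.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules AppLocker
# Added example (not part of the procedure): gather publisher + hash details per file,
# keeping SourceFileLength, which the plain Export-Csv of the original output drops,
# then draft the XML rule fragment for the admin step. $Paths below is a constructed
# placeholder; Get-WhitelistInfo and $OutCsv are names chosen for this example.
param(
    [string[]] $Paths  = @('C:\Program Files\ExampleVendor\example.exe'),  # placeholder
    [string]   $OutCsv = 'C:\whitelist_info.csv'
)

function Get-WhitelistInfo {
    param([string[]] $Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Not found: $p"; continue }
        $info = Get-AppLockerFileInformation -Path $p -ErrorAction SilentlyContinue
        if (-not $info) { Write-Warning "Not a supported EXE/DLL/script file: $p"; continue }
        # One flat row per file: publisher fields are empty for unsigned binaries,
        # so RuleBasis tells the admin which rule type (publisher or hash) to build.
        $basis = if ($info.Publisher) { 'Publisher' } else { 'Hash' }
        [pscustomobject]@{
            Path             = $info.Path
            PublisherName    = $info.Publisher.PublisherName
            ProductName      = $info.Publisher.ProductName
            BinaryName       = $info.Publisher.BinaryName
            BinaryVersion    = $info.Publisher.BinaryVersion
            HashType         = $info.Hash.HashType
            HashDataString   = $info.Hash.HashDataString
            SourceFileName   = $info.Hash.SourceFileName
            SourceFileLength = $info.Hash.SourceFileLength
            RuleBasis        = $basis
        }
    }
}

$rows = Get-WhitelistInfo -Paths $Paths
$rows | Export-Csv -Path $OutCsv -Append -NoTypeInformation

# Draft the allow rules in AppLocker XML (publisher rule where signed, hash rule otherwise);
# the admin reviews this fragment before appending it to the deployed policy.
$existing = $Paths | Where-Object { Test-Path -LiteralPath $_ }
if ($existing) {
    Get-AppLockerFileInformation -Path $existing |
        New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
        Set-Content -Path ($OutCsv -replace '\.csv$', '_rules.xml')
}
```

Run it once per set of files; the CSV is appended on each run, while the XML draft is overwritten with the rules for the current run only.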