In today’s harsh security landscape, one of the best ways to stay protected is to use application whitelisting on your Windows computer. When you do this, only software that you have whitelisted is allowed to run on your system, so unknown executable files, malware or ransomware will simply not be able to run. So let us take a look at some of the options you can use to blacklist or whitelist a program on a Windows computer.
Application whitelisting is a good practice that most IT administrators employ to prevent unauthorized executable files or programs from running on their systems. Home users too can take advantage of whitelisting. Here are a few options that Windows users can look at to see which they are most comfortable deploying on their PC. Some methods are advanced, while some are pretty basic and may offer limited protection only.
Whitelist a program on Windows
1] If you are using Windows Pro or Enterprise edition, you can make use of the Security Policy setting to whitelist programs. To do this, type secpol.msc in the Run box and hit Enter to open the Local Security Policy Editor.
Under Security Settings, you will see Software Restriction Policies. If no policies are in force, you will have to create a new SRP by right-clicking on it and selecting Create a new policy.
Once you have done this, in the right pane you can double-click Enforcement, Designated File Types and Trusted Publishers to set your whitelisting preferences.
Using Software Restriction Policies, you can:
- Whitelist programs
- Fight malware
- Regulate which ActiveX controls can be downloaded
- Run only digitally signed scripts
- Allow only approved software to be installed
- Lockdown a system.
You will then have to open the Security Levels folder and set the default security action. The options are:
- Basic User
Since we want to allow only whitelisted applications to run, you have to double-click on Disallowed and then set it as the default action.
For more details on this, you can visit TechNet.
2] Windows AppLocker lets an administrator control whether certain users can install or use certain applications. You can use blacklisting rules or whitelisting rules to achieve this result. AppLocker helps administrators control which applications and files users can run. These include executable files, scripts, Windows Installer files, DLLs, Packaged apps, and Packaged app installers. This feature is available on Enterprise editions of Windows only. In Windows 10/8, AppLocker lets you block legacy as well as Windows Store apps.
You can use the built-in Windows feature AppLocker to prevent users from installing or running Windows Store Apps and to control which software should run. You may configure your device accordingly to reduce chances of Cryptolocker ransomware infection.
You can also use it to mitigate ransomware by blocking unsigned executables in locations that ransomware favors, such as:
- <users profile>\AppData\Local\Temp
- <users profile>\AppData\Local\Temp\*
- <users profile>\AppData\Local\Temp\*\*
This post will tell you how to create AppLocker rules for an executable and whitelist applications.
3] CryptoPrevent includes a feature called Whitelist that lets you add trustworthy programs that need to be executed from locations that the tool blocks. Hence, if you are sure that a particular program is reliable and should be able to use any location it wants, you can add it to the whitelist.
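As an added example (not from the original post), the following PowerShell sketch builds an AppLocker allow-list from the executables already installed in trusted locations, checks how executables in the Temp folder listed above would be treated, and applies the policy in audit-only mode. The output file name is an assumption; the cmdlets are from the built-in AppLocker module and need an elevated session.

```powershell
# Added example: build and audit an AppLocker allow-list for .exe files.
Import-Module AppLocker

# Hypothetical output path for the generated policy.
$policyFile = Join-Path $env:USERPROFILE 'applocker-allowlist.xml'

# 1. Inventory executables in locations that standard users cannot write to.
$trustedDirs = $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir |
    Where-Object { $_ -and (Test-Path $_) }
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe `
        -ErrorAction SilentlyContinue
}

# 2. Generate allow rules: publisher rules for signed files,
#    hash rules as the fallback for unsigned ones.
[xml]$policy = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -Optimize -IgnoreMissingFileInformation -Xml

# 3. Switch every rule collection to audit-only so nothing is blocked yet.
foreach ($collection in $policy.SelectNodes('//RuleCollection')) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry run: how would executables sitting in the user's Temp folder be treated?
#    Files matched by no allow rule are reported as DeniedByDefault.
$probe = Get-ChildItem (Join-Path $env:LOCALAPPDATA 'Temp') -Filter *.exe `
    -Recurse -ErrorAction SilentlyContinue
if ($probe) {
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $probe.FullName -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 5. Apply the policy (this replaces the existing local AppLocker policy) and
#    start the Application Identity service, which AppLocker needs to evaluate rules.
Set-AppLockerPolicy -XmlPolicy $policyFile
Start-Service -Name AppIDSvc
```

While the policy is in audit mode, files that would have been blocked are recorded as event ID 8003 in the Microsoft-Windows-AppLocker/EXE and DLL event log. Review those entries before changing EnforcementMode to Enabled.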
4] Most Internet Security Suites allow you to blacklist or whitelist programs. If you are using one, go through its settings and try to find it. You can configure exclusions or add applications to its trusted list.
5] NoVirusThanks Driver Radar Pro is a useful application that lets you allow or deny the loading of kernel files and also set up secure whitelisting methods.
6] If you are looking for a tool, then VoodooShield is a free anti-executable security software that will help you to whitelist programs and protect your Windows PC from malware and offers HIPS or Host Intrusion Prevention. Once turned on, the program will protect your status quo and not allow anything new to run. If something new does attempt to run, you will be notified, and your permission will be sought to allow it or not. Once you allow a program, it will get whitelisted, making things easy for you.
7] AppSamvid Application Whitelisting software is designed and developed by the Centre for Development of Advanced Computing (C-DAC) under the Government of India’s Digital India initiative.
Blacklist a program on Windows
8] You can configure and allow Windows to run selected Programs only using the Local Group Policy Editor – and consequently whitelist programs which can run. You will have to enable & configure the Run only specified Windows Applications setting.
9] Using Microsoft Family Safety you can allow or block the apps and games. But there are limitations to this and the settings are very basic.
10] If your version of Windows has the Group Policy Editor, you can also configure it to block users from installing or running programs.
11] If you are looking for a free tool, then our Windows Program Blocker is a free application blocker software that can block software from running on Windows 10/8.1/8/7.
If you are a home user, I would suggest you install Enhanced Mitigation Experience Toolkit, which is a free tool from Microsoft that is designed to prevent exploits and allow administrators to control when third-party plugins should be launched. It prevents vulnerabilities in installed software from being exploited by malware and malicious processes. It is not exactly a whitelisting/blacklisting tool, but it can be pretty effective against ransomware – if that is what you are looking for. It is basically an install-with-default-settings and forget-it tool, and I use it on my Windows 10 PC.