Airlock vs Microsoft AppLocker™

Not all application whitelists are created equal.

Microsoft AppLocker performs rudimentary application whitelisting and relies heavily on insecure user and file exemptions to function.

Airlock enforces easily configurable and secure application whitelists, based on cryptographic hash values that cannot be bypassed by administrative users.

Airlock

  • Airlock enforces application whitelisting using cryptographic hash values; no large directory or publisher exemptions are required;
  • Airlock performs application whitelisting on all application libraries (.dll files), preventing the increasing occurrence of application library malware;
  • Airlock tracks the execution and history of all files across your endpoints, so you can discover where a file was first seen and what network connections it made;
  • All users, including local administrative users, are unable to circumvent the application whitelist;
  • Airlock file activity is displayed in an easy-to-view client interface, and this information is available centrally in a single console; and
  • Whenever Airlock performs a block operation it is logged and displayed to the user (if desired), every time.

Microsoft AppLocker™

  • Local administrators are exempt from AppLocker enforcement by default;
  • C:\Windows, C:\Program Files (x86) & C:\Program Files\ are exempt from application whitelisting by default (AppLocker relies on users not being able to write to these directories);
  • Administrators can disable AppLocker through group policy modification or by disabling the ‘Application Identity’ service;
  • Block and allow notifications are recorded in the local endpoint's Windows Event Logs and require a third-party SIEM for review;
  • AppLocker block notifications may be suppressed by running applications;
  • AppLocker does not support the number of rule entries required for hash-based application whitelisting due to group policy limitations;
  • It is extremely difficult to perform application whitelisting of application libraries in changing environments with AppLocker; and
  • Additional hotfixes are required to prevent AppLocker bypass techniques.
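
To check whether an AppLocker deployment depends on the default exemptions listed above, the policy exported with `Get-AppLockerPolicy -Effective -Xml` can be audited offline. This is an added example, not code from Airlock Digital or Microsoft; the sample policy and its rule Ids are constructed, and `audit_policy` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample in the shape of `Get-AppLockerPolicy -Effective -Xml`
# output; rule Ids are placeholders, not values from a real policy.
SAMPLE_POLICY = r"""<AppLockerPolicy Version="1">
 <RuleCollection Type="Exe" EnforcementMode="Enabled">
  <FilePathRule Id="PLACEHOLDER-1" Name="Program Files" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions>
  </FilePathRule>
  <FilePathRule Id="PLACEHOLDER-2" Name="Windows" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions>
  </FilePathRule>
  <FilePathRule Id="PLACEHOLDER-3" Name="All files" UserOrGroupSid="S-1-5-32-544" Action="Allow">
   <Conditions><FilePathCondition Path="*"/></Conditions>
  </FilePathRule>
 </RuleCollection>
 <RuleCollection Type="Dll" EnforcementMode="NotConfigured"/>
</AppLockerPolicy>"""

def audit_policy(xml_text):
    """Return (collection, finding) pairs for the weaknesses listed above."""
    findings, seen = [], set()
    for coll in ET.fromstring(xml_text).iter("RuleCollection"):
        ctype = coll.get("Type")
        seen.add(ctype)
        mode = coll.get("EnforcementMode", "NotConfigured")
        if mode != "Enabled":
            findings.append((ctype, f"not enforced (EnforcementMode={mode})"))
        for rule in coll.iter("FilePathRule"):
            if rule.get("Action") != "Allow":
                continue
            sid = rule.get("UserOrGroupSid")
            for cond in rule.iter("FilePathCondition"):
                path = cond.get("Path", "")
                if path == "*" and sid == ADMINS_SID:
                    findings.append((ctype, "administrators exempt via allow-all rule"))
                elif path == "*" or path.endswith("\\*"):
                    findings.append((ctype, f"directory-wide allow for {sid}: {path}"))
    if "Dll" not in seen:  # no Dll collection at all: libraries are not checked
        findings.append(("Dll", "not enforced (collection absent)"))
    return findings

if __name__ == "__main__":
    for collection, finding in audit_policy(SAMPLE_POLICY):
        print(f"[{collection}] {finding}")
```

Each finding maps to one bullet in the list above: directory-wide path rules, the administrator exemption, and library (.dll) rules that are not enforced.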

TL;DR: Not all application whitelists provide the same level of security. Ensure you understand the limitations.

About Airlock Digital

Airlock Digital was founded in 2013 with one goal: Enable organisations to implement and maintain application whitelisting, simply and securely, in dynamic computing environments.

The founders of Airlock Digital have spent years implementing application whitelisting technologies in enterprise organisations and deeply understand real-world whitelisting challenges. Airlock Digital was born out of necessity to address these challenges, as a new approach to application whitelisting was needed.

AppLocker(TM) is a Trademark of Microsoft Corporation