Using octoplant in combination with an already existing Windows AppLocker strategy
Warning
The documentation below does not serve as a guide on how to properly set up Windows AppLocker. It only shows how an admin who already has Windows AppLocker properly set up and in use could potentially use the tool in combination with octoplant.
Warning
We strongly urge you to use octoplant in combination with Windows AppLocker only if you already have Windows AppLocker set up and you are not able to run octoplant on the client. Should you decide to make use of Windows AppLocker, it is imperative that only experts with prior training and proven experience handle the setup and operation of this tool.
octoplant can be used in combination with Windows AppLocker, a defense-in-depth security feature. Windows AppLocker is a tool that allows admins to blacklist/whitelist applications. Admins can use it to control which apps and files users can run, and where they can or cannot be run from.
Info
Ensure that the Application Identity service is running in Services. As this service determines and verifies the identity of an application, disabling it will prevent AppLocker rules from being enforced.
Configuring settings for using Windows AppLocker
To configure settings for using Windows AppLocker with octoplant, proceed as follows:
- In Local Security Policy, go to Application Control Policies and select AppLocker.
- Right-click on AppLocker and select Properties.
- Ensure that the Configured checkbox is activated for Executable rules, Windows Installer rules, Script rules, and Packaged app Rules.
- Use the dropdown menu to set each rule collection to Enforce rules. This will ensure that rules are enforced for each rule collection.
- Select OK.
- Settings for using Windows AppLocker with octoplant have now been configured.
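A read-only PowerShell check of the two preconditions described above: the Application Identity service is running and the four rule collections are set to Enforce rules. This is an added example, not part of the octoplant documentation; it uses the built-in `Get-Service` and `Get-AppLockerPolicy` cmdlets and assumes it is run on the machine whose policy is being checked.

```powershell
# Added example: read-only check; it changes nothing on the machine.
# Keys are the rule collection types used in the AppLocker policy XML,
# values are the labels shown in the AppLocker Properties dialog.
$collections = [ordered]@{
    Exe    = 'Executable rules'
    Msi    = 'Windows Installer rules'
    Script = 'Script rules'
    Appx   = 'Packaged app Rules'
}

# AppIDSvc is the service name of "Application Identity".
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "Application Identity is $($svc.Status): AppLocker rules are not being enforced."
}

# The effective policy is what this machine applies: the local policy
# merged with any policy delivered through Group Policy.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml

$report = foreach ($type in $collections.Keys) {
    $rc   = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq $type }
    $mode = if ($rc) { $rc.EnforcementMode } else { 'NotConfigured' }
    [pscustomobject]@{
        Collection      = $collections[$type]
        EnforcementMode = $mode
        Rules           = if ($rc) { $rc.ChildNodes.Count } else { 0 }
        # 'Enabled' is the XML value behind "Enforce rules" in the dialog.
        MatchesGuide    = ($mode -eq 'Enabled')
    }
}

$report | Format-Table -AutoSize
```

A collection reported as `AuditOnly` logs what it would have blocked but does not block it.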
Creating Default Rules for Windows AppLocker
To create Default Rules for using Windows AppLocker with octoplant, proceed as follows:
Info
Ensure that you have default rules properly created and set up before you create any others.
- Right-click on Executable Rules and select Create Default Rules. This will ensure that:
  - All programs in the Program Files and Windows folders are able to run.
  - Administrators are allowed to run all files (there are therefore no limitations on them).
- The Default Rules will be automatically generated and will be visible in Executable Rules.
Automatically Generating Rules
You can use the Automatically Generate Rules... function to ensure that everyone in the Users group can access files located in the octoplant installation directory.
To automatically generate rules for the purpose of using octoplant with Windows AppLocker, proceed as follows:
- Right-click again on Executable Rules and select Automatically Generate Rules....
- Next to User or security group that the rules will apply to, select Select....
- Select Advanced.
- Next to From this location, select Locations.... Set the location to the PC you're working on.
- Select Find now and, in the Search results, scroll down and select Users.
- Select OK.
- You should now see BUILTIN\Users in User or security group that the rules will apply to.
- Next to Folder that contains the files to be analyzed, select Browse....
- In the Browse For Folder window, go to Program Files (x86) and select vdogClient.
- Select OK.
- Set Name to identify this set of rules to octoClient.
- Select Next.
- In Rule Preferences, select Create file hash rules for all files.
- Rules will be generated and can be reviewed in Review files that were analyzed and View rules that will be automatically created.
- Select Create to close the wizard and create the rules.
- The rules you configured in Automatically Generate Rules... will now appear in Executable rules.
Creating a new rule to define user access to DRIVE SNAPSHOT FOR WINDOWSNT
To define user access to the DRIVE SNAPSHOT FOR WINDOWSNT product from the publisher O=TOM EHLERT SOFTWARE E.K, L=AACHEN, S=NORDRHEIN-WESTFALEN,C=DE, proceed as follows:
- Right-click on Executable Rules and select Create New Rule....
- The Executable Rules wizard will open.
- In Permissions, set the Action to Allow.
- Next to User or group, select Select....
- Select Advanced.
- Next to From this location, select Locations.... Set the location to the PC you're working on.
- Select Find now and, in the Search results, scroll down and select Users.
- Select OK.
- You should now see BUILTIN\Users in Enter the object name to select.
- Select OK.
- Select Next.
- In Conditions, select Publisher.
- In Publisher, go to Reference file and select Browse..., then go to C:\Program Files (x86)\vdogServer\auvesy_services and select snapshot.
- Select Open.
- Move the slider so that it rests on File name.
- Select Next.
- In Exceptions, if there are no exceptions to be configured, select Next.
- Enter a name to identify this rule.
- Select Create.
- The new rule defining user access to DRIVE SNAPSHOT FOR WINDOWSNT will now appear in Executable rules.
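To confirm the outcome of the two wizards above, the effective policy can be evaluated against the files themselves. This is an added example, not part of the octoplant documentation; it uses the built-in `Get-AppLockerPolicy` and `Test-AppLockerPolicy` cmdlets, and the two directories are the ones named on this page (adjust them if your installation differs).

```powershell
# Added example: read-only; evaluates files against the effective policy.
# The two directories are the ones named on this page.
$dirs = @(
    'C:\Program Files (x86)\vdogClient',
    'C:\Program Files (x86)\vdogServer\auvesy_services'
)
$user = 'BUILTIN\Users'   # the group selected in both wizards

$policy = Get-AppLockerPolicy -Effective

$results = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Warning "Skipped, not found: $dir"
        continue
    }
    # Executable rules apply to .exe and .com files.
    $files = Get-ChildItem -LiteralPath $dir -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.com' }
    if (-not $files) { continue }

    Test-AppLockerPolicy -PolicyObject $policy -Path $files.FullName -User $user |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

# Files the group cannot run: denied by a rule, or matched by no allow rule.
$blocked = @($results | Where-Object { $_.PolicyDecision -in 'Denied', 'DeniedByDefault' })

$results | Sort-Object PolicyDecision | Format-Table -AutoSize
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) file(s) are not allowed for $user."
}
```

The `MatchingRule` column names the rule that decided each file, which shows whether a file is covered by the generated hash rules, the publisher rule or one of the default rules.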