“AaronLocker” updates (13 May 2019)

Hot on the heels of yesterday's changes, "AaronLocker" now handles EXE and DLL files with non-standard extensions. Scan a directory containing, say, "*.pyd" files or "*.api" files or files with any other non-standard extension, and the "AaronLocker" scripts now identify them, distinguish whether each one is a Win32 EXE or a DLL, and build rules to cover them in the corresponding rule collection.
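The check that makes this possible does not depend on the file name at all: a Win32 image carries its own type in the PE header's COFF Characteristics field, where the IMAGE_FILE_DLL bit (0x2000) separates DLLs from EXEs. The following PowerShell is an added illustration written for this post, not code from AaronLocker or from Aaron Margosis; the function names Get-PEImageType and Get-PEFilesByType are my own, and the directory path in the usage line is a placeholder.

```powershell
# Added example (not AaronLocker's own code): classify files in a directory as
# Win32 EXE or DLL by reading the PE header, independent of the file extension.

function Get-PEImageType {
    # Returns 'Exe', 'Dll', or $null (not a PE image / unreadable).
    param([Parameter(Mandatory)][string]$Path)

    try {
        # Open read-only and share read/write so in-use files can still be inspected.
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    } catch {
        Write-Verbose "Cannot open $Path : $($_.Exception.Message)"
        return $null
    }
    try {
        $br = New-Object System.IO.BinaryReader($fs)

        # DOS header: 'MZ' magic at offset 0, e_lfanew (offset of PE header) at 0x3C.
        if ($fs.Length -lt 0x40) { return $null }
        if ($br.ReadUInt16() -ne 0x5A4D) { return $null }          # 'MZ'
        $fs.Seek(0x3C, 'Begin') | Out-Null
        $peOffset = $br.ReadUInt32()
        if ($peOffset + 24 -gt $fs.Length) { return $null }        # signature + COFF header must fit

        # PE signature: 'P','E',0,0 read as a little-endian UInt32.
        $fs.Seek($peOffset, 'Begin') | Out-Null
        if ($br.ReadUInt32() -ne 0x00004550) { return $null }      # 'PE\0\0'

        # COFF file header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
        # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
        $fs.Seek(18, 'Current') | Out-Null
        $characteristics = $br.ReadUInt16()

        $IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
        $IMAGE_FILE_DLL              = 0x2000

        # An object file (no EXECUTABLE_IMAGE bit) is not something AppLocker loads.
        if (-not ($characteristics -band $IMAGE_FILE_EXECUTABLE_IMAGE)) { return $null }

        if ($characteristics -band $IMAGE_FILE_DLL) { 'Dll' } else { 'Exe' }
    } finally {
        $fs.Dispose()
    }
}

function Get-PEFilesByType {
    # Walks a directory tree and reports every PE image with the rule collection it belongs in.
    param([Parameter(Mandatory)][string]$Directory)

    Get-ChildItem -Path $Directory -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $type = Get-PEImageType -Path $_.FullName
            if ($type) {
                [PSCustomObject]@{
                    Path           = $_.FullName
                    Extension      = $_.Extension
                    RuleCollection = $type      # 'Exe' or 'Dll'
                }
            }
        }
}

# Usage (placeholder path): list PE images whose extension is neither .exe nor .dll,
# i.e. the files that an extension-based scan would miss.
Get-PEFilesByType -Directory 'C:\Program Files\SomeApp' |
    Where-Object { $_.Extension -notin '.exe', '.dll' } |
    Format-Table RuleCollection, Extension, Path -AutoSize
```

The point of the `RuleCollection` value is that the hash or publisher rule for a `.pyd` that turns out to be a DLL must land in AppLocker's DLL rule collection, not the EXE collection, or it will not have the intended effect; classifying by header rather than by extension is what keeps that assignment correct.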

Reminders of "AaronLocker" resources:

7-minute "Intro to 'AaronLocker'":
https://youtu.be/nQyODwPR5qo

13-minute "AaronLocker Quick Start" - how to build, customize, and deploy robust and practical AppLocker rules quickly using AaronLocker:
https://youtu.be/E-IrqFtJOKU

All scripts and full documentation on GitHub:
https://github.com/Microsoft/AaronLocker

Blog posts:
https://blogs.msdn.microsoft.com/aaron_margosis/tag/aaronlocker/

Comments

  • Anonymous
    May 14, 2019
    This is some great stuff Aaron, thank you. In regards to the Intel batch file issue with the older video driver, what would you recommend for a short-term solution for enterprises to deal with that while planning for a rollout of the newer video driver that addresses that problem?

    [Aaron Margosis] There's no good way to allow those batch files to run. However, I've never noticed any problems when they've been blocked.