CCE-37455-3Platform: win2012r2 | Date: (C)2015-10-08 (M)2022-10-10 |
Check if AppLocker is Enabled
This configuration item uses PowerShell to check whether or not AppLocker policies are enabled on the system either locally or through Group Policy. It is designed to be exported within DCM packs.
To function it requires that the PowerShell execution policy be set to RemoteSigned.
AppLocker advances the features and functionality of Software Restriction Policies. AppLocker allows you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications.
For more information about AppLocker see ''AppLocker Technical Documentation for Windows 7 and Windows Server 2008 R2: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=13431.
Parameter:
Technical Mechanism:
(1) GPO: PowerShell!Check if AppLocker is Enabled
(2) WMI: ###
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: