Whitelisting for programs
Application Whitelisting prevents the execution of all programs that have not been approved for the system. Via a Whitelist, the administrator creates a list of approved applications that the system is allowed to execute. Unlike with antivirus software, no continuous updates are necessary in order to close current security holes. The list only needs to be expanded when new applications are added. In industrial practice, this list is often easier to maintain than antivirus software. The built-in Windows 10 feature is called AppLocker.
Whitelisting measures allow you to specify explicitly which programs can be executed on the system. These measures provide protection against untrusted code.
Windows offers two different methods for whitelisting:
- Software Restriction Policies (SRP)
- AppLocker
The Software Restriction Policies offer scope for explicitly specifying which programs can be executed on the system. All other programs can then no longer be executed. These policies are available through the Local Security Policy.
AppLocker is available from Windows 7 and has an extended range of functions. Differences between AppLocker and SRP are documented here.