
Process Hunting with Microsoft AppLocker: Application Whitelisting is the Killer App

  • Wednesday, September 21st, 2016 at 11:00 AM EDT (15:00:00 UTC)
  • James Tarala
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.



Organizations have implemented access control technologies, and yet unauthorized processes and malware continue to plague them.

For years, incident response teams have promoted the use of application whitelisting as a replacement for traditional endpoint protection products, but we have convinced ourselves that application whitelisting is hard. However, processes, good or bad, have the same access to sensitive data as user accounts. Because of this, traditional signature-based endpoint detection products are not enough to stop attacks.

Organizations should ask themselves what they are really getting for their investment. In 2014, Symantec self-reported that traditional antivirus was dead and that it was incapable of detecting more than 45% of malicious endpoint attacks. In 2016, researchers at Google's Project Zero reported that not only are there major flaws in some traditional agents, but that antivirus agents themselves may make systems more insecure because of bad code they contain.

In this presentation, James Tarala of Enclave Security will practically demonstrate Microsoft's AppLocker, free with most Windows licenses, and address barriers to implementing application whitelisting. Attendees will learn practical steps for using the technology to stop malicious processes and advanced attacks. Attendees will also be confronted with the barriers to implementation and understand why this free technology should be considered by small and large businesses alike.


Speaker Bio

James Tarala

James Tarala is a senior instructor with the SANS Institute, a courseware author, and an editor for many SANS auditing and security courses. He is a principal consultant with Enclave Hosting, LLC, where he specializes in the design of IT security architectures for large enterprises and critical functional areas, including wireless infrastructures, email networks and Microsoft-based directory services. As an independent security auditor, James consults with companies on security management, operations management and regulatory compliance, and provides training for internal security audit and compliance management teams.
