


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Process Hunting with Microsoft AppLocker: Application Whitelisting is the Killer App

  • Wednesday, September 21, 2016 at 11:00 AM EDT (2016-09-21 15:00:00 UTC)
  • James Tarala




Organizations have implemented access control technologies, and yet unauthorized processes and malware continue to plague them.

For years, incident response teams have promoted the use of application whitelisting as a replacement for traditional endpoint protection products, but we have convinced ourselves that application whitelisting is hard. Yet processes, good or bad, have the same access to sensitive data as user accounts. Because of this, traditional signature-based endpoint detection products are not enough to stop attacks.

Organizations should ask themselves, what are they really getting for their investment? In 2014, Symantec self-reported that traditional antivirus was dead and that it was incapable of detecting more than 45% of malicious endpoint attacks. In 2016, researchers at Google's Project Zero reported that not only are there major flaws in some traditional agents, but that antivirus agents themselves may make systems more insecure because of bad code in their agents.

In this presentation, James Tarala of Enclave Security will practically demonstrate Microsoft's AppLocker, free with most Windows licenses, and address barriers to implementing application whitelisting. Attendees will learn practical steps for using the technology to stop malicious processes and advanced attacks. Attendees will also be confronted with the barriers to implementation and understand why this free technology should be considered by small and large businesses alike.

November 14-21 | Houston, TX

Join us at the Healthcare Cybersecurity Summit to hear even more talks like this. As an attendee, you will walk away with cyber hygiene strategies that address the most pressing issues in healthcare today: ransomware, data breaches, security awareness training, and understanding their health eco-system and where ePHI resides.

Speaker Bio

James Tarala

James Tarala is a senior instructor with the SANS Institute, a courseware author, and an editor for many SANS auditing and security courses. He is a principal consultant with Enclave Hosting, LLC, where he specializes in the design of IT security architectures for large enterprises and critical functional areas, including wireless infrastructures, email networks and Microsoft-based directory services. As an independent security auditor, James consults with companies on security management, operations management and regulatory compliance, and provides training for internal security audit and compliance management teams.
