Application whitelisting doesn't necessarily use signatures. Microsoft's AppLocker and its predecessor, Software Restriction Policies, can whitelist based on:

* folder paths
* file name
* file hashes
* executables signed with a software publisher's X.509 code-signing certificate

Alex Eckelberry wrote:
> Not sure about that. What happens when the whitelisting vendor
> screws up a dat file, and you can't run any of your programs at all
> because they are not "allowed"? The problem is compounded by the
> fact that there are far more legitimate files released daily than
> there are malicious files, so whitelisting applications need to
> update even more than blacklisting apps.

--
Phil Brutsche
[email protected]
