Windows AppLocker - Tanium Enforce - Tanium Tech Talks #137

See how Tanium makes it easier to manage #Windows #AppLocker at scale across multiple environments. Tanium helps you reach and manage all of your traditional #Windows servers and workstations, and also those that are hard-to-reach: ✅ Older Windows versions ✅ VPN clients and work-from-home ✅ Stand-alone non-AD-domain-joined (like industrial environments) ✅ AD-domain-joined spanning multiple domains and forests Features and benefits: 🌎 Manage AppLocker at scale through Tanium Enforce 😃 Easy to get up and running 🎚️ Single management surface across all Microsoft environments ♻️ Import policy via Group Policy XML export 🔎 Custom logs and sensors for easy troubleshooting ⚠️ Send alerts via Tanium Connect #informationsecurity #informationtechnology FREE PASS TO CONVERGE 2025 Get a FREE pass to Tanium Converge in Orlando, Florida, November 17-20. Go to: https://converge.tanium.com ➡️ Click Register Now Use the promo code As-McGl-40000 for a free ticket type of your choosing: 🎟️ In-Person 🎟️ In-Person + Labs 🎟️ Converge Virtual + Virtual Self-Services Labs Also note: ✅ Converge Virtual base tickets are free and do not require a promo code. ✅ Promo codes cannot be used on certification exams or Converge Party Guest passes. RESOURCES Docs: AppLocker policies https://help.tanium.com/bundle/ug_enforce_cloud/page/enforce/policies.html#applocker-policy Docs: AppLocker policies troubleshooting https://help.tanium.com/bundle/ug_enforce_cloud/page/enforce/troubleshooting.html Tanium KBs on AppLocker Support https://help.tanium.com/search?labelkey=knowledgearticles&personalize=true&q=applocker Microsoft KB: AppLocker vs App Control for Business (WDAC) https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview Microsoft KB: Understanding AppLocker Default Rules https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-default-rules Microsoft KB: AppLocker and Teams https://learn.microsoft.com/en-us/microsoftteams/applocker-in-teams CHAPTERS 00:00 Intro 00:47 Free Converge pass 01:34 Meet Rob 02:59 Rob's Converge labs 05:05 What is AppLocker? 06:50 How does Tanium help? 09:08 DEMO Enforce Policy 09:43 Audit vs Enforce mode 10:50 DEMO Enforce Policy continued 12:10 Microsoft KB guidance 13:40 DEMO Blocking types 14:35 Allowing OneDrive and Teams 15:20 Stacking rules 16:07 DEMO file not blocked 16:42 DEMO Tanium Custom Logging 18:55 DEMO AppLocker Log Sensor 19:55 DEMO Send Alerts via Connect 22:26 Summary So Far - Defense in Depth 23:28 DEMO Log CSV via Connect continued 24:10 DEMO Enforcing Blocking 25:55 DEMO Getting file information 27:40 DEMO Logs for blocking 29:25 DEMO Sensor results for blocking 29:47 DEMO Summary and ideas 30:50 Flexibility over Active Directory and Intune 31:30 FAQ Intune and WDAC AppControl? 33:15 FAQ Tanium client exclusions? 34:25 FAQ Policy management conflicts? 37:57 BIG SUMMARY 39:39 Resources