
What is AppLocker?

You were likely directed to this KB article because you got a pop-up warning that an application was blocked and prevented from running. This article explains why managed SSCC computers do this.

The name of the security system that blocked the application you attempted to run is AppLocker. This system is designed to prevent the running of programs that are located outside of a few default locations.

[Image: AppLocker warning popup]

Why does the SSCC do this?

To prevent the running of malware and viruses, particularly the type known as "ransomware." For decades, viruses were most effective on computers if they were run with Administrator-level privileges, which is the highest level of access a Windows computer can have. The SSCC has already prevented users from running as Administrators on managed computers for years, for this very reason. However, when ransomware came onto the scene, two key features of it became apparent:

  1. It is very damaging, because it will prevent you from being able to read any files that you have access to (via a process called encryption), both on your computer and on network drives (like your U:\ drive and the X:\ drive), unless you pay a ransom to the malware writer.
  2. It does not require administrator credentials, because it runs in your regular user account and simply encrypts any files your user account can write to.

This means that a computer infected with ransomware will often still be able to boot up and run, because the malware was not able to encrypt critical Windows system files. However, in many cases all your personal files, even the ones on your U:\ drive and shared files you have access to on your department or research project's X:\ or V:\ drive, will be permanently destroyed (as no one recommends paying the ransom to the malware writers, as this just leads to more malware).

Please note that the SSCC has backups of all U:\, Z:\, X:\, and V:\ drive data, so while recovering from this would be a time-consuming operation, your network drive files would be restored to you. However, all data on your computer's C:\ drive, such as your Documents, Desktop, Downloads (etc.) folders, would be permanently lost.

How does AppLocker help?

By blocking the running of any program that was not installed by an administrator to trusted locations, we can help ensure that the chances of malware in general, and ransomware in particular, being able to run on your computer are low. We know that no person intentionally puts malware on their computer, but we also know that casual, accidental downloads of files happen all the time. AppLocker is merely an automated layer of defense to prevent malware and ransomware from gaining a foothold on your computer.

But I need this program for work - what can I do?

First, please check if the program you want is already in our Software Center. We have several dozen popular programs available and the list is growing all the time. If the application isn't in the Software Center, please contact the SSCC Helpdesk. We're happy to find ways to install a trusted program for you so that it does not trigger AppLocker. Our goal is simply to keep your data and our computers safe, not to impede your work.



Keywords: security, windows, warning
Doc ID: 124245
Owned by: Zach H. in Social Science Computing Cooperative
Created: 2023-02-22
Updated: 2023-02-22
Sites: Social Science Computing Cooperative