Block malware filehash values using applocker


Hi All, is there a way we can block malware filehash values using Applocker GPO without having to locate or have an actual copy of the malware file? Appreciate your response... cheers.

8 Replies
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo
Hello, I think the malware mechanisms are working not visible and group rules will not be effective!
Thanks Andrzej1, let me check it and advise.

@hari-siva 

Hello! You've posted your question in the Tech Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. I'm moving your question to the Windows security space - please post Windows security questions here in the future.

(If I am incorrect on the topic you are asking about, please let me know.) 

AppLocker is NOT a replacement for an Anti-Malware product, and to set a policy, you will need to have a sample of it.
However, you may do it another way, like create a whitelist and only add trusted applications and place the rest into a black list, so it will block everything else.
In case it is malware, you may report it to the Microsoft Anti-Malware team to create a signature. You may upload it to websites where they produce a hash key.
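
The sample-based approach described in the answer above, as an added PowerShell example that is not part of the original thread. It uses the built-in AppLocker cmdlets; the file paths and the GPO distinguished name are placeholders, and AppLocker computes the rule hash from the file itself (for PE files, the Authenticode image hash rather than a plain file digest), which is why a copy of the file is needed.

```powershell
# Added example. Assumed paths: C:\Quarantine\sample.exe is the captured file,
# C:\Temp\deny-hash.xml is where the generated policy is written.
# Run from an elevated PowerShell session on a machine with the AppLocker module.
$sample = 'C:\Quarantine\sample.exe'
$out    = 'C:\Temp\deny-hash.xml'

# Read the hash AppLocker will match on directly from the file.
$info = Get-AppLockerFileInformation -Path $sample

# New-AppLockerPolicy only emits Allow rules, so generate the XML
# and switch every generated hash rule to Deny.
[xml]$policy = $info |
    New-AppLockerPolicy -RuleType Hash -User Everyone -RuleNamePrefix 'Deny' -Xml
foreach ($rule in $policy.SelectNodes('//FileHashRule')) {
    $rule.SetAttribute('Action', 'Deny')
}
$policy.Save($out)

# Check the rule against the sample before deploying it.
# The PolicyDecision column should read "Denied".
Test-AppLockerPolicy -XmlPolicy $out -Path $sample -User Everyone

# Merge into the local policy. Once a rule collection is enforced, anything
# not matched by an Allow rule is blocked, so merge into a policy that
# already carries the allow rules the machine needs.
Set-AppLockerPolicy -XmlPolicy $out -Merge

# For a GPO, target it by LDAP path instead (placeholder DN shown):
# Set-AppLockerPolicy -XmlPolicy $out -Merge `
#     -Ldap 'LDAP://<domain-controller>/CN={<GPO-GUID>},CN=Policies,CN=System,DC=<domain>,DC=<tld>'
```

A hash rule matches only that exact build of the file, so any recompiled or modified variant needs its own rule.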
Thanks Eric.
Thanks Reza_Ameri.
Welcome, glad it was helpful

@hari-siva Malware threats and related cyberattacks have increased eventually. That's why cybersecurity awareness has become essential in today's generation. So, I would suggest Online Cybersecurity Training to avoid such circumstances in the future.
