Symantec's Embedded Security: Critical System Protection

As mentioned in the previous section, Microsoft's AppLocker is an application whitelisting solution that comes with all modern versions of the Windows operating system. It is a viable solution for smaller deployments, or for when you are not ready to spend the money on a third-party solution like McAfee's Application Control (https://www.mcafee.com/us/products/application-control.aspx) or Symantec's Embedded Security: Critical System Protection (https://www.symantec.com/products/embedded-security). Compared to Microsoft's AppLocker, the paid-for solutions add more features, provide an easier deployment and management experience, and allow for more granular control. Among the extra features are deployment portals and reporting capabilities. The paid-for solutions also allow more controlled application execution by adding a sandboxing feature that lets you run the whitelisted application under strict supervision and within configurable boundaries.

A sandbox can, for example, dictate that the whitelisted application can only access files within its own running directory, or the application can be restricted from communicating over the network. Other controlled application execution features allow process restriction. With this, a Notepad process can be prevented from spawning a command shell. All in all, the paid-for solutions allow you to regulate every aspect of the computer. Some allow additional computer restrictions, such as USB port blocking and firewall capabilities.
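The kinds of rules described above can be modeled as a small policy check that denies any image not on the whitelist. This is an added example, not code from the book or from Symantec's product; the policy layout, the `evaluate` function and the sample events are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics on any host OS

NOTEPAD = r"C:\Windows\System32\notepad.exe"
# Hypothetical policy layout (not Symantec's policy format).
POLICY = {
    NOTEPAD: {
        "file_scope": "own_dir",   # files only under the image's directory
        "network": False,          # no network communication
        "deny_children": {"cmd.exe", "powershell.exe"},
    },
}

def _norm(path):
    # Collapse "..", unify separators and case before any comparison.
    return ntpath.normcase(ntpath.normpath(path))

def _inside(path, root):
    # Match on a directory boundary so C:\App2 is not "inside" C:\App.
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root.rstrip("\\") + "\\")

def evaluate(event):
    """Return (allowed, reason); images missing from POLICY are denied."""
    rules = next((r for image, r in POLICY.items()
                  if _norm(image) == _norm(event["image"])), None)
    if rules is None:
        return False, "image not whitelisted"
    kind, target = event["kind"], event["target"]
    if kind == "file" and rules["file_scope"] == "own_dir":
        if not _inside(target, ntpath.dirname(event["image"])):
            return False, "file outside running directory"
    elif kind == "network" and not rules["network"]:
        return False, "network access blocked"
    elif kind == "spawn":
        if ntpath.basename(_norm(target)) in rules["deny_children"]:
            return False, "child process denied"
    return True, "allowed"

# Constructed sample events, for illustration only.
EVENTS = [
    {"image": NOTEPAD, "kind": "file", "target": r"C:\Windows\System32\notes.txt"},
    {"image": NOTEPAD, "kind": "file", "target": r"C:\Windows\System32\..\..\Users\a.txt"},
    {"image": NOTEPAD, "kind": "network", "target": "203.0.113.10:443"},
    {"image": NOTEPAD, "kind": "spawn", "target": r"C:\Windows\System32\CMD.EXE"},
    {"image": r"C:\Temp\tool.exe", "kind": "spawn", "target": r"C:\Temp\x.exe"},
]
if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["kind"], ev["target"], "->", evaluate(ev))
```

The second event shows why the directory check normalizes the path first: a naive prefix comparison would accept the `..` traversal.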

In the following exercises, we are going to set up a Symantec Embedded Security: Critical System Protection application whitelisting solution and look at some of the product's features.
