How to Create an Application Whitelist Policy in Windows 10
3 min. read
Updated on
Share this article
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Key notes
- The Application Whitelist policy helps you to secure your Windows 10 PC from malware invasions.
- It's possible to set up this process on your computer directly from the Windows settings.
- The AppLocker will help you as well to create this procedure and guard your system.
- You can discover more insightful directions in our solution provided below.
If you really want to protect your Windows 10 PC from malware and unknown executive files, then the best solution is to create an Application Whitelist Policy. In this guide, you will check out a detailed article on how to do it.
Application whitelisting is one of the best practices which is used by IT administrators to prevent their systems from running unapproved executable programs or files on their system.
Even the home users can also take advantage of the whitelisting feature to ensure full protection from malware or ransomware.
The whitelisting feature was first introduced in Windows XP and following the tradition, this feature is also available in Windows 10, a recently launched operating system by Microsoft.
If you’re the one running Windows 10 on your computer or laptop, then you must check the following options which you must consider employing on your PCs.
How do I create an Application Whitelist Policy in Windows 10?
1. Manually create an application whitelist policy
- Type secpol.msc in Windows 10 Start Menu search bar.
- Under Security Settings, navigate to Software Restriction Policies and click on it.
- Right-click on Software Restriction Policies and click on New Software Restriction Policies to create a new policy.
- You can double click on Enforcement, Designated File Type, and Trusted Publishers.
With the help of Software Restriction Policies. You can do the following things:
- Whitelist Applications or Programs
- Fight Malware
- Regulate which ActiveX controls can be downloaded
- Run only digitally signed scripts
- Enforce that only approved software is installed on system computers
- Lockdown a machine
Once done with all these steps, you need to head over to the Security Level folder under Software Restriction Policies.
Under the Security Level folder, you will see the following three options:
- Disallowed
- Basic User
- Unrestricted
Our requirement is to whitelist the applications or programs and for that, make double-click on the Disallowed option and click on the Set as default button on the new window.
2. Use Windows AppLocker for whitelisting application
- Go to Local Security Policy,
- Under Security Settings click on Application Control Policies.
- Choose AppLocker.
Suppose you want to create a rule for the Packaged app, then Packaged app Rules and make right-click on the “Create New Rule” and fill the preferences according to your requirement.
Windows AppLocker, allow or block particular users from installing or using a particular program. You can accomplish this result by using whitelisting rules.
It provides administrators to have full control over which programs and files users can run. These include scripts, executable files, DLLs, Windows Installer files, Packaged app installers, and Packaged App
With the help of Windows AppLocker, you can block Windows Store apps and block legacy. But this feature only exists in the Pro and Enterprise editions of Windows 10.
3. Create Whitelist Application using third-party software
Third-Party software is also available to whitelist the application. Some of the popular names are CryptoPrevent and VoodooShield.
If you’re a home user, then you must install Enhanced Mitigation Experience Toolkit, it is a freeware tool that helps administrators to have full control over third-party plugins or apps.
Why don’t you give a try to this guide and let us know if you have any queries related to it by leaving a comment below.
