AppLocker – Part 3: Rules Collections
In part 3 of this AppLocker series, we go through the rules that AppLocker uses to allow or block specific applications. Firstly, note that explicitly defined Block rules (non-generic) override any Allow rules (generic). Secondly, note that if you don't set a default policy to allow all applications, then any application that has no Allow rule will not be allowed to execute. When creating rules you can take one of two approaches: either allow all applications to run and block specific ones, or keep AppLocker's default behavior and allow only specific applications to run (remember to give administrators full Allow permissions and to allow Everyone to run system applications). In either case, it is recommended to start implementing AppLocker rules with an audit exercise before actually enforcing them.
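The following added example (not part of the original post) shows how the precedence described above can be checked before enforcement, by asking AppLocker what it would decide for each executable in a folder. It assumes a Windows host with the AppLocker PowerShell module and an effective policy; the scanned folder and the `$scanPath`, `$paths` and `$decisions` names are illustrative choices.

```powershell
# Added example: preview AppLocker decisions without enforcing anything.
Import-Module AppLocker

$scanPath = 'C:\Program Files'            # assumption: folder chosen for the audit
$policy   = Get-AppLockerPolicy -Effective

# Collect the executables to evaluate.
$paths = Get-ChildItem -Path $scanPath -Recurse -Filter *.exe -File -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

# Evaluate each file against the effective policy for the Everyone group.
$decisions = Test-AppLockerPolicy -PolicyObject $policy -Path $paths -User Everyone

# Allowed         = matched an Allow rule
# Denied          = matched an explicit Deny rule (wins over any Allow rule)
# DeniedByDefault = matched no rule at all, so it is blocked implicitly
$decisions | Group-Object PolicyDecision | Select-Object Name, Count

# Files that still need an Allow rule before enforcement is switched on.
$decisions |
    Where-Object { $_.PolicyDecision -eq 'DeniedByDefault' } |
    Select-Object FilePath

# Files caught by an explicit Deny rule, with the rule that matched.
$decisions |
    Where-Object { $_.PolicyDecision -eq 'Denied' } |
    Select-Object FilePath, MatchingRule

# With the rule collection in audit-only mode, event ID 8003 records each
# executable that ran but would have been blocked under enforcement.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```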
AppLocker Auditing
Categories: Security Tags: AppLocker, digital signature, DLL, event log, executable rules, file hash, publisher, script, script rules, windows installers
DirectX Tool
DirectX is a technology used by multimedia programs running on your system. The DirectX Diagnostic tool (DXdiag) helps you troubleshoot DirectX-related issues, such as checking digital signatures for your video card drivers. It also checks whether a driver has passed Microsoft's Windows Hardware Quality Labs (WHQL) tests. But most importantly, it helps find problems with games or movies that cannot run properly. The first time you run the DXdiag tool, you are asked whether you want to check if your drivers are digitally signed, and you are told that the tool may connect to the Internet but that no personal data is collected.
Make sure that you select the Check for WHQL digital signatures option in order to test for signed drivers. Digitally signed drivers have been tested by the Microsoft Windows Hardware Quality Lab for DirectX compatibility. It is recommended to update a driver that is flagged as unsigned.
Categories: Troubleshooting, Utilities Tags: digital signature, DirectX, DirectX Diagnostic tool, DXdiag, hardware acceleration, video card, WHQL
Approving drivers that do not have a trusted certificate
If a device driver package is not signed with a trusted certificate, then the user installing the driver needs administrative privileges to complete the installation. You can allow ordinary users (non-administrator user accounts) to install specific drivers that do not have a trusted digital signature by adding them to the driver store. The driver store is a protected area that contains device driver packages that have been approved for installation on the computer. This process is sometimes known as staging a driver package.
Categories: Devices Tags: device driver, digital signature, pnputil, staging, Trusted Publishers certificate