AppLocker: Using System Center Operations Manager (SCOM) for alerting and reporting

Overview:

AppLocker is a very important tool that system administrators use to prevent malware and unauthorized applications from running on systems. This is especially useful for protecting against malware such as CryptoLocker. While AppLocker is very easy to implement, it lacks some of the reporting and alerting that administrators need to successfully respond to false positives, such as blocked business-critical applications. By itself, AppLocker does not have the ability to produce the statistics that are critical to justifying the extra security measures (showing the number of non-authorized EXEs blocked). SCOM fills in the gap by offering a very powerful tool that is designed to alert on and report AppLocker blocks / warnings for systems.

Building out the monitoring:
