How To: Secure a Windows PC from Malware by Whitelisting Apps

Avatar

Creating a whitelist is a handy method to make sure that your relative’s devices are safe all the time. All you have to do is select a list of applications that will be able to run in their PCs. In case an app is downloaded, while it is not approved from you, the operating system will not allow the .exe file to run.

For the creation of that kind of list we will need to use the Family Safety feature, which is available in all Windows editions. We will use this feature, because the AppLocker, which is suitable for this process, is only available in Windows Enterprise editions. Let’s see how you can do this.

Configure the Family Safety feature on Windows

The Family Safety feature is preinstalled in Windows 8. On the other hand you will have to install Family Safety from the Windows Live Essentials package, in case you use Windows 7. Once you finish installing, launch the application and choose the accounts you want to monitor.

As for Windows 8.x users, you can only set app whitelists in your ”child’s” accounts. This kind of account could be controlled or restricted from a ”parent” account.

This method could be a good solution for your PC too. You can whitelist applications by configuring a child account, so that you save some time and let that account sign in your administrator one, whenever you want to allow an app.

  • Use the Windows key + I combination to open the PC Settings app. Go to the Accounts section and select Other accounts.

Screenshot - 28_8_2014 , 12_33_03 μμ

  • In case you want to add a new account, click on the appropriate option and then click on the Add a child’s account.
  • However, if you have already created an account, all you have to do is turn it into a child account. Just select the desired account and click Edit. After this, make your account a child one.

Screenshot - 28_8_2014 , 12_33_03 μμ

 

The administrator account will become the ”parent” of the child account and manage it on your system. Be aware that this administrator account should also be a Microsoft account. Your whitelist will be managed via a web-based interface.

Configure your App Whitelist

  •  Firstly, you can either click on the Manage Family Safety settings online link, found on the users configurations screen, or go to the Family Safety section of the Microsoft website and log in with the username and password of the administrator account. The account will be shown as a child account. In this screen you will also see restricted accounts, which could be on different PCs.
  • Click on the child account and choose App restrictions. After this turn the App restrictions slider to On. 

Screenshot - 28_8_2014 , 12_33_03 μμ

  • Select the desired applications, which your user account can access from the list of apps, shown below the slider. Microsoft Store apps and Windows desktop apps are included in the system. Now all applications are blocked and the user account can access them, only if you allow it.

Go ahead and configure the list of the apps that your user account could have access to. In the control panel you will also notice the Activity reporting section in the column on the right side of the window. This feature is activated by default and it helps you to keep track of the websites that the user account has visited. This is helpful, in case you want to monitor the browsing activity of your relatives.

Use the Restricted account

  • Now you will be able to sign into the restricted account and make a few handy changes. For instance, you could pin the allowed apps on the desktop taskbar, in order to let the user(s) of the PC know which apps can be used.
  • In case the PC user tries to run an app, which is not whitelisted, the operating system will inform him/her via a pop-up window that ”Windows blocked the application from running”. As a result, malware, spyware and other software will be prevented from running in the PC. Only a specific list of apps will be allowed to run.

Screenshot - 28_8_2014 , 12_33_03 μμ

  • If you want to have access to a new app, just click on the pop-up. In addition, if the app whitelisting feature is used on the computer of a person, who is not your child, please do explain the ”child account” operation to him/her, because the next dialog will totally confuse him/her.

Screenshot - 28_8_2014 , 12_33_03 μμ

  • Your requests could be found in the Request section, shown in the Family Safety website. Here, you should click the Allow button, so that you approve the use of a new application. Make sure that only safe applications are allowed to run in the computer.

Screenshot - 28_8_2014 , 12_33_03 μμ

Although Family Safety is great, in case you want to monitor your child’s activity, this is also the only whitelisting feature you will be able to use in all Windows editions by default. It may not be as efficient as the AppLocker, but it can surely help you to set up your list of allowed apps. In addition, we could say that it is more convenient than the AppLocker, due to Microsoft’s web interface.