Whenever you're working with secure applications and files, you need to know how to digitally sign an application so that security software like AppLocker can effectively identify your applications. These links can help make it easy to digitally sign your applications:
- Introduction to Code Signing
- Understanding the Publisher Rule Condition in AppLocker
- Q: What's the easiest way to digitally sign an internally developed application's executable?
- SignTool.exe (Sign Tool)
When you use AppLocker, you'll notice that Publisher conditions can be made only for files that are digitally signed. A Publisher condition identifies an application based on its digital signature and extended attributes. The digital signature contains information about the company that created the application (the publisher). The extended attributes, which are obtained from the binary resource, contain the name of the product that the application is part of and the version number of the application. The publisher may be a software development company, such as Microsoft, or the Information Technology department of your organization.
Publisher conditions are easier to maintain than file hash conditions and are generally more secure than path conditions. Rules that are specified to the version level might have to be updated when a new version of the file is released.
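To see which of your executables can carry a Publisher condition and which fields that condition would be built from, the following PowerShell sketch inspects a folder, then drafts and tests a policy without applying it. It is an added example, not code from the linked articles; the folder `C:\Apps\Internal` and the output file name are assumptions.

```powershell
# Hypothetical folder holding internally developed executables (assumption).
$appDir  = 'C:\Apps\Internal'
# Hypothetical location for the draft policy; nothing is applied to the machine.
$xmlPath = Join-Path $env:TEMP 'internal-apps-applocker.xml'

$exes = Get-ChildItem -Path $appDir -Filter *.exe -Recurse -File

# Per file: signature status plus the publisher, product and version
# attributes AppLocker reads. Unsigned files show empty publisher fields,
# so only a hash or path condition is possible for them.
$report = foreach ($exe in $exes) {
    $sig  = Get-AuthenticodeSignature -FilePath $exe.FullName
    $info = Get-AppLockerFileInformation -Path $exe.FullName
    [pscustomobject]@{
        File            = $exe.Name
        SignatureStatus = $sig.Status
        Publisher       = $info.Publisher.PublisherName
        Product         = $info.Publisher.ProductName
        BinaryName      = $info.Publisher.BinaryName
        Version         = $info.Publisher.BinaryVersion
    }
}
$report | Format-Table -AutoSize

# Draft rules: Publisher conditions where a signature exists,
# file hash conditions as the fallback for unsigned files.
$exes.FullName |
    Get-AppLockerFileInformation |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Set-Content -Path $xmlPath -Encoding UTF8

# Evaluate the draft against the same files to confirm each one is
# matched by a rule before the policy is reviewed and deployed.
Test-AppLockerPolicy -XmlPolicy $xmlPath -Path $exes.FullName -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule |
    Format-Table -AutoSize
```

Files that fall back to a hash rule are the ones to sign first, since a hash rule has to be regenerated every time the binary changes.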