AppLocker is a policy-based security component of Microsoft Windows introduced in Windows 7 Professional, Enterprise and Ultimate editions and Windows Server 2008 R2. It enables or disables execution of software based on rules such as location, properties and digital signature, so it can be used to restrict that software that can be run on a Microsoft Windows system. Executable file restrictions can be based on a hash value, publisher certificate, etc. Further details on AppLocker can be found at An approach for managing Microsoft AppLocker policies.
The
Get-AppLockerFileInformation
PowerShell
cmdlet will return a hash code it labels as "SHA256". But you will find
that a hash code it returns differs from one returned by the Get-FileHash
cmdlet for executable, e.g., .exe files.
[ More Info ]
