deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-10 11:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
Alekhya Jupudi 200f30988f Defender App Guard Link text correction-03 
Change to Learn more about the Windows Defender Application Control feature availability
2021-09-30 11:35:44 +05:30

2.5 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, ms.author, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, manager, audience, ms.collection, ms.topic, ms.date, ms.technology
title description ms.assetid ms.reviewer ms.author ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.localizationpriority author manager audience ms.collection ms.topic ms.date ms.technology
Find digitally signed apps on a reference device (Windows) This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed. 24609a6b-fdcb-4083-b234-73e23ff8bcb8 dansimp m365-security deploy library security medium dansimp dansimp ITPro M365-security-compliance conceptual 09/21/2017 mde

Determine which apps are digitally signed on a reference device

Applies to

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.

This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.

The Windows PowerShell cmdlet Get-AppLockerFileInformation can be used to determine which apps installed on your reference devices are digitally signed. Perform the following steps on each reference computer that you used to define the AppLocker policy. The device does not need to be joined to the domain.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To determine which apps are digitally signed on a reference device

  1. Run Get-AppLockerFileInformation with the appropriate parameters.

    The Get-AppLockerFileInformation cmdlet retrieves the AppLocker file information from a list of files or from an event log. File information that is retrieved can include publisher information, file hash information, and file path information. File information from an event log may not contain all of these fields. Files that are not signed do not have any publisher information.

  2. Analyze the publisher's name and digital signature status from the output of the command.

For command parameters, syntax, and examples, see Get-AppLockerFileInformation.

Related topics