Forum Discussion
Solved
2 factor for allowing unsigned apps to be installed?
Hi everyone, I'm just looking for your ideas on dealing with unsigned applications. We can't trust EDR/AV to do everything and yet there are times we want to allow users to install unsigned applica...
- Perhaps use the consent settings instead?
https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings
Perhaps use the consent settings instead?
https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings
https://aad.portal.azure.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade/~/UserSettings
That's a neat idea, thanks Christian,
I assume that when a user self-authorized installation of an unsigned app that it will be logged somewhere so I'll look into that.I also recently read that if a kernel level drive is loaded it will do such with a specific local admin account (SID 1-5-18 - local admin) so if that's true then I can also track unauthorized SIDs loading drivers.
https://synzack.github.io/Blinding-EDR-On-Windows/
Thanks!
