Current version: v1.1.3 (released 2021-06-23, see release notes below.)
Lockdown is a preventative measure against malware/ransomware attacks that leverages Windows Software Restriction Policies (SRP) to prevent programs from running unexpectedly or from blocked locations. Lockdown takes the opposite approach to the way CryptoPrevent uses SRP: by default it blacklists the entire file system, and whitelisting must be applied to allow programs to run (even built-in Windows programs!). Lockdown also goes a step further and restricts not only executables, but DLLs and other code libraries as well.
Lockdown may also be used simply to restrict a PC to running only certain applications, keeping your end users out of trouble.
Lockdown is designed for ADVANCED USERS ONLY, who should be somewhat familiar with Software Restriction Policies. If there is anything about the usage of the program that you don’t understand, that isn’t you, and you should look to our CryptoPrevent instead for similar protections.
Usage:
When Lockdown is enabled, by default no executables will run except in whitelisted locations. On enabling, Lockdown automatically whitelists the Windows directory (and all subdirectories), Program Files, and the Lockdown directory itself; all shortcuts are also allowed to run (although the file on the other end of the shortcut is still subject to SRP rules). Lockdown does not whitelist your downloads folder or desktop by default.
WARNING: REMOVAL OF DEFAULT RULES CAN RENDER WINDOWS UNUSABLE.
That being said, you can remove default rules if you are prepared to add whitelist rules for the bare minimum of files listed at the bottom of this Microsoft article.
Lockdown will need to be disabled for proper operation of some applications (or their program paths must be whitelisted). This will occur with any app that uses non-standard locations for its executables, such as anywhere in %appdata%.
After applying Lockdown settings (enabling/disabling or addition/removal of whitelist or blacklist items) you must log out or reboot the PC for the policies to definitely take effect; this is due to the way Group Policy works.
Lockdown has the following command line arguments for silent usage:
- /enable
- /disable
- /whitelist=[item] — Add an item to the whitelist
- /-whitelist=[item] — Remove an item from the whitelist
- /blacklist=[item] — Add an item to the blacklist
- /-blacklist=[item] — Remove an item from the blacklist
- /ImportWhitelist=[path\file] — Import a whitelist from an exported file.
- /ImportBlacklist=[path\file] — Import a blacklist from an exported file.
- /ExportWhitelist=[path\file] — Export the current whitelist to file.
- /ExportBlacklist=[path\file] — Export the current blacklist to file.
- /gpupdate — Equivalent to running the Windows command gpupdate /force /wait:0, which refreshes Group Policy; however, as mentioned above, due to the way Windows operates you will likely need to log out or reboot for changes to be applied fully.
Command line arguments can be applied and stacked on one command line, like this:
Lockdown.exe /enable /blacklist=syskey.exe /blacklist=vssadmin.exe /whitelist=%appdata%\ACME /gpupdate
Lockdown can be deployed as a single .exe file for command line usage, however the included Lockdown Resources directory is required for the graphical user interface mode.
Compatibility:
Lockdown is compatible with all versions of Windows from XP to 10, including Home editions which normally do not allow for Group Policy manipulation. Lockdown is also compatible with anti-virus software of any type, however depending on the A/V you may need to apply whitelisting to the program’s folders if not in Program Files.
Lockdown is NOT compatible with CryptoPrevent or any other implementation of Windows Software Restriction Policies (e.g. Group Policy).
License
Lockdown is free for personal usage, however support is not provided without purchase. Commercial usage requires purchase.
Purchase for Commercial Usage
Release Notes
I just received a report of a Lockdown user not being able to download files in Chrome or Edge (Chromium) with no blocking reported in the event logs. Thanks to Luke for the report and solution, v1.1.2 has been uploaded to include a new default path in the whitelist rules for “%programdata%\Microsoft\Windows Defender” because executables in there were being used to scan file downloads, rather than their counterparts in %programfiles%, I guess.
This update fixes a bug causing Lockdown to not write additions to the Windows default list of executable file types, and as a result previous versions of Lockdown did not block a few scripting languages, namely PowerShell and Python. The list below shows what Windows considers an executable file type that is blocked by default (and by all versions of Lockdown):
WSC, VB, URL, SHS, SCR, REG, PIF, PCD, OCX, MST, MSP, MSI, MSC, MDE, MDB, LNK, ISP, INS, INF, HTA, HLP, EXE, CRT, CPL, COM, CMD, CHM, BAT, BAS, ADP, ADE
Lockdown v1.1.1 also adds these file types:
JS, JSE, PS1, PY, VBS
Please feel free to contact us to request additional file types to be added if we’ve left anything important out.
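To confirm after a logout or reboot that the policy described above is actually in force, the following check reads the Software Restriction Policy settings back from the registry and reports whether default-deny is active, whether DLLs are covered, and whether the file types added in v1.1.1 are present. This is an added example, not part of Lockdown or written by its author; it assumes Lockdown stores its policy in the standard machine-wide SRP registry location and keeps whitelist and blacklist items as ordinary SRP path rules.

```powershell
# Added example (not vendor code). Assumption: the policy lives in the
# standard machine-wide SRP key that Windows itself uses.
$base  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# File types the page says v1.1.1 adds to the Windows default list.
$added = 'JS', 'JSE', 'PS1', 'PY', 'VBS'

if (-not (Test-Path $base)) {
    Write-Warning "No SRP policy key found at $base (policy not enabled?)."
    return
}
$policy = Get-ItemProperty -Path $base

# ExecutableTypes is a multi-string value holding the designated extensions.
$types = @($policy.ExecutableTypes) | Where-Object { $_ } |
    ForEach-Object { $_.ToUpperInvariant() }
$missing = @($added | Where-Object { $types -notcontains $_ })

[pscustomobject]@{
    # DefaultLevel 0 = Disallowed (default-deny); 262144 = Unrestricted.
    DefaultDeny      = ($policy.DefaultLevel -eq 0)
    # TransparentEnabled 2 = all files including DLLs; 1 = DLLs excluded.
    DllsCovered      = ($policy.TransparentEnabled -eq 2)
    # Empty when every v1.1.1 file type is being enforced.
    MissingFileTypes = ($missing -join ', ')
} | Format-List

# Path rules are stored under <level>\Paths\{GUID}; ItemData holds the path.
$levels = @{ List = 'Whitelist'; Id = '262144' }, @{ List = 'Blacklist'; Id = '0' }
$rules = foreach ($level in $levels) {
    $paths = Join-Path $base "$($level.Id)\Paths"
    if (-not (Test-Path $paths)) { continue }
    foreach ($rule in Get-ChildItem -Path $paths) {
        [pscustomobject]@{
            List = $level.List
            Path = (Get-ItemProperty -Path $rule.PSPath).ItemData
        }
    }
}
$rules | Sort-Object List, Path | Format-Table -AutoSize
```

A non-empty MissingFileTypes on a machine that should be running v1.1.1 or later indicates the file-type bug described in the release note above is still present, or that the policy has not been rewritten since upgrading.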
What is Lockdown? Lockdown is a preventative measure for use against malware/ransomware attacks, which blacklists the ENTIRE file system, and whitelisting must be applied to allow programs to run. Lockdown restricts not only executables, but DLLs and other code libraries as well.
Changes in v1.1:
- Lockdown now remembers your customized whitelist/blacklist settings when enabling/disabling Lockdown through the user interface (does not apply to command line arguments.)
- Added import/export feature for whitelist/blacklists both in the UI and through command line arguments.
- Lockdown now detects when it is enabled/disabled, and enables/disables the appropriate buttons in the user interface, so no more confusion as to whether Lockdown is enabled.
Which download is right for you?
Two downloads for Lockdown exist on this page, a ‘portable’ download which can be run without installation, and an ‘installer’ download which is to be installed on the system like a standard program (yes, it can also be uninstalled of course!)
Lockdown (installer)
Lockdown (installer) is best for most everyone who wishes to have an installer with uninstall support, start menu/shortcuts to launch the app, etc.
Lockdown (portable)
Lockdown (portable) is designed for deployment and usage by IT Professionals.