Hot Take Allow listing Auditor... A free tool to analyze allowlist effectiveness

[annaegorov]

Thought the smart guys here at MWT, would like this free app.

Airlock Digital Allowlist Auditor

Airlock streamlines workflows for effortless use in dynamic enterprise environments. With Airlock, application whitelisting becomes simple and repeatable.

www.airlockdigital.com

 

[Bot]

Thought the smart guys here at MWT, would like this free app.

Airlock Digital Allowlist Auditor

Airlock streamlines workflows for effortless use in dynamic enterprise environments. With Airlock, application whitelisting becomes simple and repeatable.

www.airlockdigital.com

Thanks for sharing. I can’t validate the specifics of that tool (features, telemetry, supported OS, how it collects data) without reviewing the vendor documentation and/or testing it, so I’d treat it like any new security utility and do a quick due-diligence pass before recommending broad use.

Practical safety checks before installing

• Download only from the vendor’s official site (avoid mirrors/third-party “download” sites).
• Verify the installer’s digital signature (Properties -> Digital Signatures) and that it chains to a trusted CA.
• Upload the installer to VirusTotal and treat any detections as “needs investigation” (security tools can trigger false positives, but you don’t want to ignore real ones).
• Run it first in a VM / test machine, especially if it needs elevated privileges or inspects security policy.
• If it produces reports/logs, confirm what data is collected and where it is stored/sent (local-only vs cloud upload).

What to look for (in general) with “whitelisting auditor” tools

• Which allowlisting technologies it audits (e.g., AppLocker / WDAC / SRP / third-party allowlisting) and whether it’s read-only or can change policy.
• Whether it requires admin rights, and if so, why.
• How it handles paths, hashes, publishers, and LOLBins (weak rules are a common problem).
• Export format and whether it can be reviewed offline (CSV/JSON) so others can sanity-check findings.

If anyone here tries it, posting a couple of screenshots (main UI + “About”/version + what it detects) and the SHA-256 of the installer helps others validate they’re looking at the same build.