Lockdown is a preventative measure against malware/ransomware attacks. It works by leveraging Windows Software Restriction Policies to prevent programs from running unexpectedly from blocked locations.

Lockdown is designed in the opposite way that CryptoPrevent works with SRP, in that Lockdown by default blacklists the entire file system, and whitelisting must be applied to allow programs to run (even built-in Windows programs) Lockdown also goes a step further and restricts not only executables but DLLs and other code libraries as well.

Lockdown may also be used simply to restrict a PC to running only certain applications, keeping your end-users out of trouble.

Lockdown is designed for ADVANCED USERS, who should be somewhat familiar with Software Restriction Policies. For those who are not well-versed or are unsure of how to use the program, CryptoPrevent will be a better fit for you and does offer similar protections.

Usage:

When Lockdown is enabled, by default no executables will run except in whitelisted locations. When enabled Lockdown will automatically whitelist the Windows directory (and all subdirs) as well as Program Files, the Lockdown directory itself, and all shortcuts will be allowed to run (although the file on the other end of the shortcut will be subject to SRP rules.) Lockdown does not whitelist your downloads folder or desktop by default.

Lockdown will need to be disabled for proper operation of some applications (or their program paths must be whitelisted.) This will occur with any app that utilizes non-standard locations for its executables, such as anywhere in %appdata%.

After applying Lockdown settings (enabling/disabling or addition/removal of whitelist or blacklist items) you must log out or reboot the PC for the policies to definitely take effect; this is due to the way Group Policy works.

Lockdown has the following command-line arguments for silent usage:

/enable
/disable
/whitelist=[item] — Add an item to the whitelist
/-whitelist=[item] — Remove an item from the whitelist
/blacklist=[item] — Add an item from the blacklist
/-blacklist=[item] — Remove an item from the blacklist
/gpupdate — Equivalent to running the Windows command gpupdate /force /wait:0 as it is used to refresh group policy, however as mentioned above, due to the way Windows operates it you will likely need to log out or reboot for changes to be applied fully.

Command line arguments can be applied and stacked on one command line, like this:

Lockdown.exe /enable /blacklist=syskey.exe /blacklist=vssadmin.exe /whitelist=c:usersbobappdataACME /gpupdate

Lockdown can be deployed as a single .exe file for command line usage, however, the included Lockdown Resources directory is required for the graphical user interface mode.