Blocker – Better Than Just Blocklisting

What is Blocker?

An Innovative Approach to Blocklisting

We aren’t reinventing the blocklisting or allowlisting wheel here – just innovating it. Blocker is designed to help mitigate malicious actors/activity that may use programs that are natively on your networks to corrupt data, steal information or worse. 

Superior Control Without the Headache

Blocker answers the questions: Do we need to block everything on your computer or is that overkill? Can we focus in on a segment and block THOSE? YES, instead of blocking everything, let’s block the known applications that present threats – the Living Off the Land (LOTL) stuff.

Comprehensive Recommendation List Based on Your Environment

Blocker curates a comprehensive list of recommended items and empowers you to choose what you want blocked from executing or allowed to operate. Take control of what can operate within your environment. Easily define rules that allow specific parent processes to run child applications or processes while blocking others.

Application Control Reimagined

Why Blocker?

Living Off the Land (LOTL) Attacks

LOTL attacks made up 71% of all attacks in 2022 (from the CrowdStrike 2023 Global Threat Report). Bad actors infiltrate networks and wreak havoc using legitimate components of the Windows Operating System, which often escape detection by traditional anti-malware applications.

Enhanced Security

Safeguard your organization against potential security breaches by blocking listed applications, binaries, and .dll files. These native Windows binaries are rarely used by end users directly, so blocking them should not have much of an impact on most typical business environments.

Minimized False Positives

Blocker’s curated list focuses explicitly on known attack vectors, helping to ensure minimal disruption to your legitimate applications and operations.


Blocker FAQ

How does Blocker differentiate itself from other security features in the market, and what specific threats does it aim to address?
The Blocker feature in AutoElevate can block 200+ native Windows applications, binaries, and .dll files that are typically used as LOTL attack vectors.
How does AutoElevate ensure that Blocker stays up-to-date with evolving cyber threats and maintains its effectiveness over time?
We rely primarily on sources like Microsoft, community projects (such as the LOLBAS project), and our own research to keep the product up to date. That said, please note that Blocker is focused on “malware-free” attacks, also known as “Living off the Land” attacks. These tend to exploit known applications and tools that have been in Windows for a very long time, a subset of which have been deprecated and only remain there for backwards compatibility.
Is Blocker a separate product from AutoElevate?
It is not a separate product. Blocker is a new process blocking/allowing tool within AutoElevate.
Can you provide insights into the user interface and user experience of Blocker, particularly in terms of ease of use for non-technical users?
AutoElevate and Blocker are designed to be configured by system administrators and technical staff. That said, we do aim to make them as user-friendly and easy to use as possible. Someone with limited technical knowledge should be able to configure Blocker when utilizing our recommendation engine after an appropriate audit period.
Does the Blocker feature block applications at a network level?
AutoElevate’s Blocker tool blocks at a process level.
When setting up blocking rules, is it necessary to change all endpoints back to Audit mode or can it work safely without disruptions in Live mode?

Only new endpoints that you wish to utilize the Blocking feature on would need to be placed in Audit mode. This allows us to identify the applications, processes, and .dll files being used on the machine so the recommendation engine can suggest rules that will reduce threat vectors.