Application Whitelisting and How It Better Protects You

Application whitelisting is a buzzword in the tech community, but what is it and how can it be harnessed to make the internet a safer space for everyone?

Application whitelisting (AWL) as a real-world practice isn’t widely used. While it does have some drawbacks, they’re mainly nuisance items rather than problems that may leave you open to a virus.

Application whitelisting technologies are built around protecting end users from ransomware and other malicious executable files by identifying what is safe in real time. It’s baffling why this method of cybersecurity isn’t more widely adopted by antivirus and cybersecurity companies around the world.

Application whitelisting is the process of only allowing files known to be good to execute. AWL protects endpoints, which could mean your computer, tablet, smartphone, or other internet-connected devices. While this sometimes leads to good programs being blocked (known as a false positive), it’s usually easy to whitelist those programs quickly and without hassle.

What is application whitelisting?

Application whitelisting is the practice of allowing known good files to run. This type of endpoint security is also termed default-deny (where the default option is to deny entry), zero-trust, and zero-day architecture. A whitelist is an extensive (although not exhaustive) list of programs from all over the world that are known to be good.

The act of whitelisting those programs, applications, and developer signatures allows your computer or laptop to be protected from cyberthreats, cyberattacks, vulnerabilities, malware attacks, ransomware attacks, and malicious programs, even if they’ve never been seen before. By blocking potentially malicious software in high-risk environments, application whitelisting tools stop malicious applications from running on your computer system.

Whitelisting vs. blacklisting

Think of cybersecurity and antivirus software like a giant gate around the castle that is your computer. Antivirus programs work by stationing guards at your computer’s gate. Application blacklisting programs tell the guards to let everyone through but if they notice a criminal, they should block the entrance.

On the other hand, application whitelisting works by giving those guards a list of all the people who are known to NOT be criminals. Only those people are allowed through the gate.

You may worry that a program or download you know is good might not be allowed to run on your computer. While these false positives do happen, you need to remember that cybersecurity companies using this technology see more of the internet cross their servers in one day than you may see in an entire year. If it’s available to the public, it’s probably already been whitelisted. And if by chance it does get blocked, most companies allow you to whitelist directly from your machine.

How does application whitelisting work?

Application whitelisting creates an impenetrable wall that bars anything unknown from executing on a machine. For example, you may receive a phishing email from a fake Amazon account telling you a receipt for your purchase is attached. When you look at the email, the purchase is usually very expensive. You must open the attachment if you want to cancel the purchase.

If you opened the attachment without an antivirus program running, it would download malware onto your computer. Even if you’re using traditional blacklist software, like Norton or McAfee, malware that is new enough could still be allowed to download and run (also called executing). With application whitelisting, the malware would be blocked, no matter how new. Your whitelist antivirus software doesn’t recognize it as good or bad, so it contains the file until it knows how to classify it.

File size

Some files are named after legitimate applications like COM Surrogate or MSASCuiL.exe, which are both essential functions for your computer to run. By knowing what size these files are supposed to be, application whitelisting software can block fakes that usually have much larger file sizes.

File name

A file name may be designed to look similar to that of a legitimate program. Because a character or symbol can be changed slightly to resemble the original, this trick occasionally lets viruses through. Whitelisting a file name means any small deviations will be blocked.

File path

The file path is where certain processes are supposed to live on your computer. Think of it like saving a Word document to a certain folder. Whitelisting a file path means the whitelist knows that the file belongs only to that certain location. If a file with that name tries to install in a different location, it will be blocked. This is particularly useful with malware that spoofs legitimate programs.

Digital signature/publisher

Large software companies like Microsoft, Apple, Google, and others sign their software with their unique signature. This signature is encrypted and unable to be duplicated. They sign their software so you don’t have to worry about patches and updates being blocked when they’re rolled out to your device. By whitelisting these signatures, you can easily keep your software up to date without worrying about a false positive.

Cryptographic hash

A cryptographic hash, also known as a file hash, is a piece of information inside a file that’s unique to that file and version. Whitelisting hashes allows for an additional layer of security because your antivirus is breaking executables into pieces and examining them completely. This helps protect your computer against spoofed malware that may change one or two small parts of a legitimate program as a way to mask itself from traditional blacklist antivirus.
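
The attribute checks described in this section, combined into one default-deny decision, as an added example that is not part of the original article or any vendor's product. The install folder, sample bytes and rule set are constructed, and publisher signatures are left out because verifying one depends on the operating system's trust store.

```python
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class AllowRule:
    """One allowlist entry; every attribute must match for the file to run."""
    name: str    # expected file name (compared case-insensitively)
    folder: str  # the only directory the file may be launched from
    size: int    # expected size in bytes
    sha256: str  # hex SHA-256 computed over the file's full contents

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def evaluate(path: str, data: bytes, rules: list) -> str:
    """Default-deny: return 'allow' only if one rule matches on every attribute."""
    p = PureWindowsPath(path)
    named = [r for r in rules if r.name.lower() == p.name.lower()]
    reason = "deny: file name not on allowlist"
    for r in named:
        if PureWindowsPath(r.folder) != p.parent:
            reason = "deny: wrong file path"
        elif len(data) != r.size:
            reason = "deny: unexpected file size"
        elif sha256_hex(data) != r.sha256:
            reason = "deny: hash mismatch"
        else:
            return "allow"
    return reason

# Constructed sample data: stand-in bytes and a hypothetical install folder.
GOOD = b"MZ" + bytes(62)
FOLDER = r"C:\Program Files\Example"
RULES = [AllowRule("MSASCuiL.exe", FOLDER, len(GOOD), sha256_hex(GOOD))]

def demo() -> dict:
    real = FOLDER + r"\MSASCuiL.exe"
    return {
        "genuine": evaluate(real, GOOD, RULES),
        "lookalike name": evaluate(FOLDER + r"\MSASCuiI.exe", GOOD, RULES),
        "wrong folder": evaluate(r"C:\Users\Public\MSASCuiL.exe", GOOD, RULES),
        "padded": evaluate(real, GOOD + bytes(4096), RULES),
        "one byte changed": evaluate(real, GOOD[:-1] + b"\x01", RULES),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} {verdict}")
```

In the last case the file keeps its name, path and size, yet a single changed byte produces a different SHA-256, which is why a hash rule is the strictest of the four checks.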

Why use application whitelisting?

Whitelisting is more secure than traditional antivirus programs. It’s so secure that the National Institute of Standards and Technology (NIST) recommends it as a best practice for government agencies. NIST even created a guide to application whitelisting that’s published and available on its website.

The reason it is the more secure choice is the nature of how it detects and stops unknowns. With a traditional antivirus, there’s always a chance you could come into contact with a brand-new piece of malware.

In fact, antivirus companies are logging everything passing through your computer and checking to see if it’s listed on their blacklist. When a new malicious code comes through, they may even let it run on your computer so they see how it works and if it’s bad. Using application whitelisting removes you from being a guinea pig.

It also allows IT directors at places like schools and large corporations to manage networks more efficiently. When large numbers of people access the internet from the same system, it increases the chance that one of them will let through a virus that could take down the entire network. Whitelisting makes your data, like Social Security numbers, more secure when it is stored on a shared server, such as one at work or school.

What are the challenges of application whitelisting?

Like anything else, application whitelisting isn’t without its challenges. When running software that works on an allowlist, there are bound to be false positives. This means that the antivirus might block legitimate, safe programs from running. This can hamper productivity and create unwanted downtime at home or work. Usually, you can locally whitelist, which means you’ll allow the blocked program to run on your computer while the antivirus checks to make sure this program is good and allowed on the global whitelist.

The setup time may take a little longer when first installing an antivirus program that runs on application whitelisting. There may be a 24-hour test period where the program gathers all of the applications the user is executing while it makes a list of what is allowed to create a baseline. This means that, at least on a large scale, application whitelisting software might not be usable for at least a day. This can hinder workflow while you wait for the new application to finish such lengthy diagnostics and configuration.

A final challenge is finding a good piece of software that runs on AWL and is also meant for consumers. Right now all of the application whitelisting developers are fighting for space in the business world. As technology in our own homes becomes more advanced, consumers need access to this technology as well.

Best practices for application whitelisting

As a consumer, there are aspects of application whitelisting that are out of your control. The whitelist is usually created, maintained, and updated by your software provider. Since it’s such a powerful tool for staying safe online, it’s worth learning a little more. However, there are things you can do to make sure you’re getting the most out of your product and not creating room for human error.

Know how your product works

Make sure you understand how the product initiates, collects data, protects your machine, and updates its own lists. If you aren’t sure about a process, contact the support team for your product. It’s better to wait than to accidentally allow malware.

Be suspicious of files that don’t run

If your AWL product catches an unauthorized application while you’re browsing the web or checking your email, don’t automatically whitelist it locally. If your software has a reporting tool, send it to the developers and researchers who maintain the software’s whitelist and let them research it. It might take a few hours, but it’s better than getting a computer virus.

Run scans

Even if you have your AWL antivirus software set to scan automatically, you should still run a manual scan once a week. There may be performance-enhancing tools that can make your experience better. Running a manual scan can also clue you in to malware removal practices and keep you better informed.

Keep patches up-to-date

Setting your product to install patches automatically is a great way to keep yourself protected. If you still want to manually install patches, make sure you know when your software company rolls out updates and be sure to install them immediately.

Let the product do what it’s meant to do

Application whitelisting software works differently than what you’re used to with traditional blacklist antivirus software. It may “look funny” when you first install it. Let the product run the way it's intended to run and follow the instructions that come from the manufacturer. Human error is the leading cause of infections with AWL software.

Recommended whitelisting applications

While application whitelisting is still an underutilized technology, there are companies adopting it into their software. The recommendations below are outperforming their competitors. Even if you aren’t sure about using AWL, you can take a look at the advantages of this tech through these applications.

AppLocker

This whitelisting solution is a Windows proprietary application and can be configured using a guide. It’s a little difficult to set up and you need to maintain it yourself, but it’s a solid tool once it’s running.

ThreatLocker

ThreatLocker is a powerful AWL tool used mostly for businesses or larger home networks. It’s easy to install and use and it has great ratings. A system administrator may find these types of applications especially useful when having to manage a host operating system on multiple computers, laptops, and mobile devices across a large area.

Airlock Digital

Airlock Digital is another new software tool aimed more at businesses or larger groups. This Australian-based company is really putting itself on the map for its whitelisting process.

McAfee Application Control

This is a mature whitelist (i.e., it’s been around a while and it’s seen some things) that’s centrally controlled — they maintain it for you. This takes the pressure off the user to know the intricacies of AWL management. It’s offered through Trellix.

PC Matic

PC Matic may be the only application whitelisting software that was started with an aim at consumers. The user interface is a little dated and some of the specifics might be confusing, but they have a truly pleasant customer support experience and the software itself is possibly the best in the industry.

Application whitelisting FAQs


What is required for application whitelisting?

A compatible device and an internet connection are all you need to be protected with application whitelisting.


What is the difference between whitelisting and blacklisting?

Whitelisting works on a default-deny or zero-trust framework. This means it has to approve every application that runs before it runs. Blacklisting allows through all executables and only stops the ones it recognizes as bad.


Why is my application whitelist software failing?

If your application whitelist software is failing, it may be due to a false positive, human error, or a problem in the software or hardware.

Bottom line

Application whitelisting software is the future of antivirus and cybersecurity. The default-deny, zero-day approach used is so much more effective than current blacklist antivirus software that it’s even recommended by the federal government. By only recognizing and allowing good programs to run, it eliminates the chance of being the first victim of a new piece of malware. This may lead to some headaches, but it’s definitely more protection than your traditional cybersecurity suite.

If you need to disable your current antivirus, whether it's to test a new product or make sure a file downloads correctly, you can follow our guide on how to turn off your antivirus. This can be especially useful if you want to turn off your current antivirus to test application whitelisting software.

As the technology is still being adopted, there may be some bumps along the way for consumers and home users. By being patient and working with your provider, you can make sure the AWL product you use is protecting your machines.

Author Details
Mary lives in Los Angeles and has been a cybersecurity writer for over five years. With a B.S. in Liberal Arts from Clarion University and an M.F.A. in Creative Writing from Point Park University in Pittsburgh, her career in online security began in sales and content creation for a private cybersecurity firm.