I'm reading up about AppLocker, as a potential solution to allow clients to install/run approved software, without waiting on IT to do it (small team supporting several global time zones).
Inside Microsoft, they use AppLocker with a white list; all users have full local admin rights on their workstation, and thus can install anything that MSIT have approved.
There's also a great How-To here on Spiceworks about how to get started.
What I'm wondering about is the prevalence/risk of malware having an authentic signature belonging to a trusted publisher which can fool AppLocker into allowing it to run?
The client machines will have endpoint protection as well, but I'm wondering: if our AppLocker rules are based on Publishers, are we leaving ourselves vulnerable?
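
An AppLocker publisher condition matches on publisher, product name, file name and version, so how much one trusted signature can authorise depends on how many of those fields are left as wildcards. As an added example (not part of the original post), this PowerShell function lists each publisher rule in a policy with its effective scope; the sample policy, the "Example Corp" names and the function name `Get-PublisherRuleScope` are constructed for illustration.

```powershell
# Constructed sample policy (not from the original post). On a live machine use:
#   [xml]$policy = Get-AppLockerPolicy -Effective -Xml
[xml]$policy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePublisherRule Id="11111111-1111-1111-1111-111111111111" Name="Anything signed by Example Corp" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=EXAMPLE CORP, L=CITY, S=STATE, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePublisherRule Id="22222222-2222-2222-2222-222222222222" Name="Example Editor 4.2 or later" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=EXAMPLE CORP, L=CITY, S=STATE, C=US" ProductName="EXAMPLE EDITOR" BinaryName="EDITOR.EXE">
          <BinaryVersionRange LowSection="4.2.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
'@

# Hypothetical helper: report how broad each publisher rule is.
function Get-PublisherRuleScope {
    param([Parameter(Mandatory)][xml]$Policy)
    foreach ($rule in $Policy.SelectNodes('//FilePublisherRule')) {
        $cond = $rule.SelectSingleNode('Conditions/FilePublisherCondition')
        if ($null -eq $cond) { continue }
        $range = $cond.SelectSingleNode('BinaryVersionRange')
        $pub  = $cond.GetAttribute('PublisherName')
        $prod = $cond.GetAttribute('ProductName')
        $bin  = $cond.GetAttribute('BinaryName')
        # Each wildcard widens what a single trusted certificate can authorise.
        if     ($pub  -eq '*') { $scope = 'Any signed file, any publisher' }
        elseif ($prod -eq '*') { $scope = 'Every file signed by this publisher' }
        elseif ($bin  -eq '*') { $scope = 'Every file in this product' }
        else                   { $scope = 'One named binary' }
        [pscustomobject]@{
            Collection = $rule.ParentNode.GetAttribute('Type')
            Action     = $rule.GetAttribute('Action')
            Rule       = $rule.GetAttribute('Name')
            Scope      = $scope
            MinVersion = if ($null -ne $range) { $range.GetAttribute('LowSection') } else { '*' }
        }
    }
}

Get-PublisherRuleScope -Policy $policy | Format-Table -AutoSize
```

Allow rules reported as "Every file signed by this publisher" or broader are the ones where a misused or stolen certificate from that publisher would pass the policy, so those are the rules to review first.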