AppLocker is a Microsoft tool in Windows Enterprise and Server that lets you define which applications, scripts, and installers may run on a system. It is managed through Group Policy Objects.
AppLocker implements ISO 27001 Annex A control A.8.19 (Software Installation) and the principle of application whitelisting. You define rules based on path, publisher, or file hash. In practice, the publisher-based approach works best because it remains effective after software updates. AppLocker is listed in BSI IT-Grundschutz as a measure against malware. For environments beyond Windows Enterprise, Microsoft offers Windows Defender Application Control (WDAC) as a more capable alternative.