...
- Whitelisting Software Packages (page 48)
- Whitelisting Reference Systems (page 49)
- Restrict an Application's Process Rights (page 50)
- Automate Document Encryption (page 50)
- Prevent Malicious Applications from Running (page 51)
- Prevent Read/Write to File Types or Network Locations (page 52)
- Run an Application in an SVS Layer (page 53)
- Quarantine Files (page 53)
Altiris Application Control Solution Help 49
Restrict an Application's Process Rights
This scenario describes the process involved in restricting an application's process rights. This sample scenario guides you through the necessary steps, using the default Limit Internet Explorer and Outlook process rights policy.
Scenario Description
In this scenario, the end user has:
? Internet Explorer installed
? A user account with administrative rights
? Network Messenger Service enabled and running
With this configuration, Internet Explorer has inherited administrative rights from the user and is therefore able to stop Windows Services.
Scenario Resolution
To prevent Internet Explorer from stopping Windows services, perform the following steps:
1. In the Altiris Console, select the Tasks tab.
2. In the left pane, select Tasks > Security Management > Application Control > Windows > Application Control Tasks > Application Control Policies > Limit Internet Explorer and Outlook process rights.
3. In the right pane, select Enable.
4. Open Internet Explorer, select File > Open and browse to cmd.exe in the SYSTEM
directory.
5. Attempt to stop the MSN Messenger service using the command line: NET STOP Messenger.
An Application Control message appears on the taskbar stating "IEXPLORER.EXE has had its rights reduced" and you are unable to stop the service.
Automate Document Encryption
...