Versions Compared

Old Version 9

changes.mady.by.user Max Pinion (Deactivated)

Saved on

compared with

New Version 10

changes.mady.by.user Max Pinion (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

What's Covered

Create a Resource Target

Create a File Scan Policy

Create a File Parameter Selection

This document shows you how to create a whitelist policy for your reference system that targets a collection of computers, searches for Windows executables, and then adds any Windows executables to a whitelist.

...

  1. In the Security Manager Console, click the Policies tab.
  2. In the left pane, navigate to the Arellia Solutions > File Inventory > Policies folder.
  3. Right-click the Policies folder and click New > General Scheduled Client Task.
     
  4. In the Create Item dialog box, give the task a name and description.
  5. Under Client Command, click the Select link.

     
     
  6. In the Client Command dialog box, click File Scan Command.
  7. Click OK.

     
     
  8. Under Resource Targets, click the All Managed Computers (Target) link.
  9. In the Resource Targets dialog box, choose the endpoints you want to include in the policy.
  10. In the Create Item dialog box, click OK.
  11. Configure the new policy settings as follows:
    1. Turn on the new policy.
    2. Under File Specifications choose Executables in Windows Directories.
    3. Under Reporting Specifications choose Executions in Windows Directories not present in Security Catalogs.
    4. Configure the schedule interval for how often the file scan will execute.

      Note: During the initial testing phase the file scan can be started manually using Windows Task Scheduler on the reference system.



  12. Click Save.

Create a File Parameter Collection

Once the file scan has run on the reference system(s) you will have a list of all executables in the Windows directories that are not contained in a security catalog.

You can create a file parameter collection that contains this list of files which can then be used in a whitelist policy

...

.

Create a file parameter collection by doing the following steps:

  1. In the Security Manager Console, click the Policies tab.
  2. In the left pane, navigate to the Arellia Solutions > Application Control > Filters > File Parameter Collections folder and create a new Inventory Filters
  3. Right-click the Inventory Filters folder.
  4. Click New > File Scan Results Filter (Policy).
    Image Added
  5. Give the filter a name and optional description.
  6. Click OK.

    Image Added

  7. Configure the parameters to reflect the File Scan policy settings
    1. Set the File Scan Policy to the policy created in the above steps
    2. Set the Reporting Filter to the same one that was configured in the above steps
    3. Set the Results to be Included
    4. Click Save


...