In this scenario you will create a reference system whitelist policy that targets a collection of computers, searches for Windows executables, then adds any Windows executables not currently in a security catalog to a whitelist. You will also add applications already included in a security catalog to the whitelist.
Resource Target
First you will need to create a resource target that contains the desired reference system(s).
- Open the Resources tab, expand the Resource Filters section
- Right click on Collections > Arellia > Application Control > Reference Systems and create a new Resource Target
- Supply a name and optional description and click OK
- Once the target configuration page is presented click on the Add rule button
- Create a rule that starts with all computers and then excludes computers not in Computer List and then select the computer resources that represent your reference system(s)
- Click Save
File Scan Policy
Now that you have your targeting established you can create the file scan policy to populate the list of whitelisted files
- Open the Policies tab
- Right click on the Arellia Solutions > File Inventory > Policies folder and create a new General Scheduled Client Task
- Give the task a name and optional description
- Set the client command to File Scan Command
- Set the resource target to the target created in the section above
- Click OK
- Configure the policy settings as follows:
- File Specifications: Executables in Windows Directories
- Reporting Specifications: Executions in Windows Directories not present in Security Catalogs
- Configure the schedule interval for how often the file scan will execute
Note that during the initial testing phase the file scan can be started manually using Windows Task Scheduler on the reference system - Click Save
File Parameter Collection
Once the file scan has run on the reference system(s) you will have a list of all executables in the Windows directories that are not contained in a security catalog.
...