Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Application Filters

An application filter defines the applications (groups of files) that can be restricted by an

Application Control Policy. There are three types:?

  • Application Context Filters - These filters are evaluated by the Altiris Agent and are used to apply security policies to applications in a user context.

...

  • Dynamic Filters - These filters are evaluated by the Altiris Agent and are used to apply security policies to applications not yet discovered but commonly used or downloaded.

...

  • Inventory Filters - These collection-based filters are evaluated by the Notification Server and depend on file inventory data. They are used to apply application control policies for already discovered applications.

...

  • Command Line Filters - A commandline filter examines the commandline (excluding the primary executable) and applies a pattern match (Exact, Partial or Regular Expression).

...

  • Secondary File Filters - A Secondary File filter addresses the situation where the intended action is not the primary executable (such as RunDll.exe), but rather a file specified within the commandline. It examines the commandline of an application to see whether there appears to be a secondary file. If so the secondary file filter applies the specified filters to the secondary file.

...

  • Time of Day Filter - These filters allow an application filter to be applied based on the specific time an application is launched. The time details can be set individually for each day of week, or applied to the same period on all days.

...

  • User Group Filter - These filters allow the application of application filters based on either the built-in account or Domain User Group status (if Altiris Local Security Solution is installed) of the user executing applications.
Info
titleNote

We recommend using the Application Control Wizard to create policies and to associate actions, filters, and target computers. See Creating an Application Control

...

Policy.

To access application filters

...

  1. In the Altiris Console, click the Tasks tab.

Altiris Application Control Solution Help 24

...

  1. In the left pane, select Tasks > Security Management > Windows >
    Application Control Tasks > Application Filters.

The following table lists all the filters available and a description of each.

Filter Description

Application Context Filters

Filter

Description

Interactive Users

You can apply policies to applications with interactive users. Select the appropriate check box and enter policy details in the fields provided.

LocalSystem and Service

...

Applications

You can apply policies to LocalSystem and Service applications. Select the appropriate check box and enter policy details in the fields provided.

Service Applications

You can apply policies to Service applications. Select the appropriate check box and enter policy details in the fields provided.

Dynamic Filters

Filter

Description

Instant Messaging

...

Applications -

...

  • AOL Instant

...

  • Messenger

...

  • Google Talk

...

  • MSN Messenger

...

  • Skype

...

  • Trillian

...

  • Yahoo! Messenger

...

Media Players -

? iTunes

...

? QuickTime

? RealPlayer

? Winamp

...

You can apply security policies to any of the listed Instant Messaging applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can:

...

  • Enter a filter name and description.

...

  • Enter a File name and File path in the fields provided.

...

  • (Optional) Click Include subdirectories to filter them also.

...

  • Enter Win32 Executable File Information:

    ...

      • Internal Name

    ...

      • Original file name

    ...

      • File version

    ...

      • Product name

    ...

      • Product version

    ...

      • Company name

    Media Players -

    • iTunes
    • Microsoft Windows Media Player
    • QuickTime
    • RealPlayer
    • Winamp

    You can apply security policies to the listed Media Player applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can configure them the same as Instant Messaging Applications, above.

    Altiris Application Control Solution Help 25

    Filter Description

    MS Office Suite -

    ...

    • MS Access

    ...

    • MS Excel

    ...

    • MS FrontPage

    ...

    • MS Outlook

    ...

    • MS Word
    • New Win32 Executable File Filter

    You can apply security policies to the listed Microsoft Office Suite applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can configure them the same as Instant Messaging Applications, above.

    ...

    Internet Explorer

    You can apply a security policy to the Microsoft Internet Explorer application. You can configure it the same as Instant Messaging Applications, above.

    New Signed File Filter

    You can create a filter by associating a digital certificate.

    ...

    You can:

    ...

    • Enter a filter name and description.

    Inventory Filters

    ...

    • Include Digital Certificates - All files signed by a selected digital certificate will be included in this filter.
      For information on editing collections, see Notification Server Help.

    Inventory Filters

    Filter

    Description

    Security Rating

    This folder contains:

    ...

    • All Whitelist Applications

    ...

    • All Graylist Applications

    ...

    • All Blacklist Applications

    ...

    • All Unclassified Applications

    All Executable Files

    ...

    Discovered in Last 2

    ...

    Weeks

    All Executable Files
    Discovered in Last Day

    All Executable Files
    Discovered in Last Month

    All Executable Files
    Discovered in Last Week

    For information on editing collections, see Notification
    Server Help.

    Collection listing all executables files discovered by File Inventory on your managed computers in the last two

    ...

    weeks. This collection can't be edited.

    All Executable Files Discovered in Last Day

    Collection listing all executables files discovered by File Inventory on your managed computers in the last day. This collection can't be edited.

    All Executable Files Discovered in Last Month

    Collection listing all executables files discovered by File Inventory on your managed computers in the previous month. This collection can't be edited.

    All Executable Files Discovered in Last Week

    Collection listing all executables files discovered by File Inventory on your managed computers in the last week. This collection can't be edited.

    Altiris Application Control Solution Help 26

    Filter Description

    Win32 Executable File

    ...

    Collection

    ...

    ...

    This is a collection of all Win32 Executable Files. If you edit this collection you can configure:

    ...

    • Filter - Select whether to include or exclude matching applications from this collection.

    ...

    • Win32 Executable Criteria - Enter the criteria the application must match for the filter to apply from:

    ...

    • Internal Name

    ...

    • Original File Name

    ...

    • File Version

    ...

    • Product Name

    ...

    • Product Version

    ...

    • Company Name

    Signed File Resource Collection

    This is a collection based on all files signed by a specific digital certificate. If you edit this collection you can configure:

    • Filter - Select whether to include or exclude matching applications from this collection.
    • Include Digital Certificate - All files signed by a selected digital certificate will be included in the collection.

    File Resource Collection

    This collection allows a Security Policy to be applied to specific applications. If you edit this collection you can configure:

    • Filter - Select whether to include or exclude matching files from this collection.
    • Include Files - Select files to be included in the collection.

    File Aggregate Collection

    This is a collection of files based on existing file resource collections. If you edit this collection you can configure:

    • Filter - Select whether to include or exclude matching files from this collection.
    • First Collection - Select a collection as a basis for this collection.
    • Collection Type - Select Intersection for the collection to contain files in the first and second collection, or Difference for the collection to contain files in either the first or second collection.
    • Second Collection - Select a collection who's files will combine with First Collection to create the new collection.