The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environment in which the application will run or be restricted.
Info | ||
---|---|---|
| ||
We recommend using the Application Control Wizard to create policies and to associate actions, filters, and target computers. See Application Control Wizard |
...
. |
To access the application actions folder1.
- In the Altiris Console, click the Tasks tab.
...
- In the left pane, select Tasks > Security Management > Application Control >
Windows > Application Control Tasks > Application Actions.
The default application actions are described in detail in the following table:
Action | Description |
---|---|
Active X Installer |
...
Application
Metering
...
Deny Read/ Write Access To Microsoft Office Documents
The ActiveX installer action allows an application (Example: Internet Explorer) to automatically install ActiveX components at an elevated privilege level. | |
Application Metering | The Application Metering action meters the usage of applications. It reports the usage according to application control agent "Send Events" configuration option. |
Default Deny Files Read and Write Access | Deny read or write access to a certain application by selecting the appropriate check box. Filter the application by: |
...
|
...
|
...
| |
Deny Read/ Write Access To Microsoft Office Documents | Deny read or write access to Microsoft* Office documents by selecting the appropriate check box. Filter the application by: |
...
|
...
|
...
|
...
Action Description
Deny Write Access to Executable |
...
New Deny File
Access Action
Encrypt Common Application Documents
Encrypt Common Microsoft Office Documents
Deny Execute
Message
...
Files |
...
Deny write access to common executable files. Filter the application by: |
...
|
...
|
...
| |
New Deny File Access Action | Deny a file read or write access by selecting the appropriate check box. Filter the application by: |
...
|
...
|
...
| |
Encrypt Common Application Documents | Encrypt an application's documents. Filter the application by: |
...
|
...
|
...
| |
Encrypt Common Microsoft Office Documents | Encrypt common Microsoft Office documents. Filter the application by: |
...
|
...
|
...
| |
Deny Execute Message | Configure this message to appear when a user attempts to run a certain application. You can configure: |
...
|
...
|
...
|
...
|
...
|
...
| |
Deny Files Read and Write Access Message | Configure this message to appear when a user has read or write restrictions on a certain application. You can configure: |
...
|
...
|
...
|
...
|
...
|
...
|
Altiris Application Control Solution Help 17
Action Description
Encrypt Doc |
...
Limit Process Rights for New Applications Message
New Display user Message Action
Quarantine
Message
...
Message |
SVS Global Layer User Message
SVS Isolation Layer User Message
Windows Hooking Message
Configure this message to appear when a document is encrypted. This message is configured the same as Default Deny Execute Message, above. | |
Limit Process Rights for New Applications Message | Configure this message to appear to the user informing them that an application has had its rights reduced. This message is configured the same as Default Deny Execute Message, above. |
New Display user Message Action | Configure a new message to appear when a certain action is performed. This message is configured the same as Default Deny Execute Message, above. |
Quarantine Message | Configure this message to appear when you have quarantined an application. This message is configured the same as Default Deny Execute Message, above. |
Remove Rights Message | Configure this message to appear when you have restricted a user's rights on an application. This message is configured the same as Default Deny Execute Message, above. |
SVS Global Layer User Message | Configure this message to appear when a user opens an application placed into the global virtualization layer. This message is configured the same as Default Deny Execute Message, above. |
SVS Isolation Layer User Message | Configure this message to appear when a user opens an application placed into the isolation virtualization layer. This message is configured the same as Default Deny Execute Message, above. |
Windows Hooking Message | Configure this message to appear when you prevent an application from starting, as the software may attempt to perform a restricted operation. You can configure: |
...
|
...
|
...
|
...
|
...
|
...
|
...
Action Description
Add Administrative Rights |
Remove Administrative Rights
This action elevates the permissions and privileges held by a process security token. By default, each process a user launches inherits the user's security token. You can configure: |
...
|
...
|
...
|
...
|
...
|
...
|
...
| |
Remove Administrative Rights | This action is the same as Default Add Administrative Rights |
File Quarantine | Create a quarantine path for applications. You can: |
...
|
...
|
...
New File
Quarantine
Application Control SVS Global Layer
...
...
| |
New File Quarantine | Create a new quarantine path for applications. You can: |
...
|
...
|
...
| |
Application Control SVS Global Layer | Create an SVS layer that certain applications must run under. You can: |
...
|
...
|
...
| |
Application Control SVS Isolation Layer | Create an SVS layer that certain applications must run under. You can: |
...
|
...
|
...
|
Altiris Application Control Solution Help 19
Action Description
New Apply SVS Layer Action | Create a new SVS layer that certain applications must run under. You can: |
...
|
...
|
...
| |
Deny Execute | Prevent a managed computer from executing an application. |
...
Enter an action name and description in the appropriate fields. |
Deny Windows |
...
Hooking | Prevent applications from hooking into Windows functions. Enter an action name and description in the appropriate fields. |