KNOWN ISSUE: Application Control 6.1 discrepancies in documentation
Altiris KB Article ID: 48361
Applies to
Application Control Solution
Question
Some of the documentation in the Application Control Solution 6.1 User Guide is carried over from the 6.0 version and is no longer accurate.
What are the known corrections to these discrepancies?
Answer
Page 20:
Additional information on Reference Policies:
ACS 6.1 has a new feature that automates the process of whitelisting trusted and desired applications. This automation is accomplished through the new Reference System Whitelist and Package Contents Whitelist policies. With a reference system, an inventory scan of a targeted system finds all applications in that system's Windows, System32, and Program Files (and its sub-folders) folders and places the collected files into a list used by that policy. The policy then targets the remaining ACS systems, which use the policy's file list as a whitelist to allow execution (typically by configuring the policy with a "No Action" action and the no continue option), thus allowing these applications to execute without any intervention by the ACS agent. An application will be in this "whitelist" so long as that same application has been found on at least one of these reference systems. Package Contents Whitelist policies are similar, except that they get their file list from selected Notification Server packages. In most environments both policies can be used concurrently to help automate the "whitelist" process. As reference systems are updated with new versions or with a new approved application, the whitelist is automatically updated with the new executables or updated versions of those executables (as new versions have an updated hash as well).
...
Stage 2 Processing
Designed to be used for "Catch All" policies, in other words the policy that applies to any application to which the more targeted 1st Stage policies did not apply. When an application is executed, the ACS service evaluates that process against each of the ACS policies one by one, starting with the 1st Stage policies. 1st Stage policies first evaluate the application and are then re-evaluated to see whether the parent process has an applicable action for its child processes. In most cases 1st Stage policies are configured to not continue evaluating policies, so once a 1st Stage policy applies to an application, the service ceases to evaluate any other ACS policies. Once both the new application and the parent process that owns it have been evaluated through all 1st Stage policies without any no continue policy applying, the ACS service evaluates all of the 2nd Stage policies, again starting with the application itself and then checking the application's parent process. The 2nd Stage policies therefore apply only to applications that make it past all of the previous filters without any policy applying, and so are typically configured with an action that will either remove admin rights or deny execution. It is also typical for these "Catch All" policies to use an exclusion filter like "Local System and Service Applications" to make sure that core OS applications don't get stopped due to a missed whitelist item.
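The evaluation order described above, together with the reference-system whitelist from the Page 20 correction, can be modelled in a few lines. This is an added illustration, not ACS code: the class and field names, the "Installer children" policy, the SHA-256 hash, and the use of a SYSTEM user check to stand in for the "Local System and Service Applications" filter are all assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

def file_hash(data: bytes) -> str:
    # SHA-256 is a stand-in; the page does not say which hash ACS uses.
    return hashlib.sha256(data).hexdigest()

@dataclass
class Process:
    name: str
    digest: str
    user: str = "alice"
    parent: Optional["Process"] = None

@dataclass
class Policy:
    name: str
    stage: int                            # 1 = targeted, 2 = catch-all
    matches: Callable[[Process], bool]
    action: str
    no_continue: bool = True              # stop evaluating once applied
    child_action: bool = False            # applies to children of a matching parent
    excluded: Callable[[Process], bool] = lambda p: False

def evaluate(proc: Process, policies: list) -> list:
    """Return the (policy, action) pairs applied, in evaluation order."""
    applied = []
    for stage in (1, 2):
        staged = [p for p in policies if p.stage == stage]
        # Each stage checks the application first, then its parent process.
        for subject, is_parent in ((proc, False), (proc.parent, True)):
            for pol in staged:
                if subject is None or (is_parent and not pol.child_action):
                    continue
                if pol.excluded(proc) or not pol.matches(subject):
                    continue
                applied.append((pol.name, pol.action))
                if pol.no_continue:
                    return applied
    return applied

# Constructed sample data: file list collected from a reference system.
REFERENCE_HASHES = {file_hash(b"winword 11.0"), file_hash(b"setup 1.0")}
POLICIES = [
    Policy("Reference System Whitelist", 1,
           lambda p: p.digest in REFERENCE_HASHES, "No Action"),
    Policy("Installer children", 1,
           lambda p: p.name == "setup.exe", "No Action", child_action=True),
    Policy("Catch All", 2, lambda p: True, "Deny Execution",
           excluded=lambda p: p.user == "SYSTEM"),
]
```

In this model an updated executable falls through to the catch-all until its new hash is added to `REFERENCE_HASHES`, which corresponds to the reference system being updated and rescanned.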
...