| Wiki Markup | ||||
|---|---|---|---|---|
| Warning | ||||
| ||||
Arellia 7.1 SP3 has introduced requirements of SQL Server 2008 as a minimum SQL Server Platform {warning} |
Application
...
Control
...
Solution
...
7.1
...
SP3
...
is
...
being
...
made
...
available
...
via
...
...
...
Introduction
Application-level
...
security
...
attacks,
...
such
...
as
...
file
...
system
...
corruption,
...
registry
...
corruption,
...
spyware,
...
and
...
keylogging,
...
pose
...
a
...
serious
...
threat
...
to
...
mission
...
critical
...
business
...
operations.
...
Altiris
...
Application
...
Control
...
Solution
...
helps
...
you
...
manage
...
this
...
risk
...
by
...
letting
...
you
...
control
...
the
...
software
...
applications
...
in
...
your
...
Altiris
...
environment.
...
For
...
example,
...
using
...
Application
...
Control
...
Solution,
...
you
...
can
...
create
...
policies
...
to
...
automatically
...
inventory
...
the
...
software
...
packages
...
or
...
systems
...
in
...
your
...
environment.
...
You
...
can
...
also
...
protect
...
your
...
company's
...
data
...
from
...
malicious
...
behavior
...
by
...
automatically
...
encrypting
...
documents,
...
controlling
...
an
...
application's
...
access
...
to
...
specific
...
network
...
locations,
...
and
...
preventing
...
applications
...
from
...
installing
...
Windows
...
API
...
hooks.
...
For
...
a
...
summary
...
presentation
...
on
...
the
...
changes,
...
see
...
...
...
...
...
...
...
.
Requirements
- Arellia Application Control Solution 7.1 SP3 requires Notification Server 7.1 SP2 as a minimum platform.
The recommended system requirements vary depending on the size of the environment. The size of the environment also affects how you configure the platform.
For more information, see Symantec Management Platform Best Practices References.
- Microsoft Silverlight 5, which you will be automatically prompted to download when first accessing the Arellia Console.
It can be manually downloaded from http://www.microsoft.com/silverlight/
...
- IIS
...
- Url
...
- Rewrite
...
- 2.0
...
- module
...
- needs
...
- to
...
- be
...
- installed
...
- on
...
- the
...
- Notification
...
- Server.
...
Symantec
...
- Installation
...
- Manager
...
- will
...
- automatically
...
- prompt
...
- you
...
- to
...
- install
...
- this,
...
- or
...
- you
...
- can
...
- manually
...
- download
...
- it
...
- from
...
...
- Microsoft
...
- SQL
...
- Server
...
- 2008
Installation
You use Symantec Installation Manager to install Symantec Management Platform and all of the products that run on the platform. You also use Symantec Installation Manager to install updates, apply licenses, and repair installations.
For more information, see the Quick Start to Installing with Symantec Installation Manager.
Please see the following articles for additional configuration actions.
How to Disable the Clean up File Resources Task
Info title Technical Impact The Software Management "Clean up File Resources" task, deletes File Resources that are not associated with functionality delivered with SMP Software Management. In particular it deletes File Resources that do not have a Resource Asssociation. This ignores the situation where relationships are modelled through Inventory Data Classes (Dataclass Foreign Key Associations). Arellia products have modelled these relationships in the same manner since the introduction of the File Resource with Application Control 6.0.
If this task schedule is not deleted, most File Resources discovered through Local Security Soloution and Application Control Solution will be deleted at 2:10 am every day. These resources will re-discovered based upon inventory cycles, and will subsequently be once again deleted.- Arellia X64 7.1 Agent Information
Info title Policy Enforcement changes A significant change has be made to default policy enforcement which is outlined in detail . A new option "Applies to All Policies" has been introduced to Application Control Policies, which defaults to false. Unless checked Application Control Policies will now only be applied to User Interactive processes.
Policy Enforcement History
Previous to version 7.1 SP3, all policies were evaluated when an application was executed. This included System and Windows Service applications, and not just "User Interactive" applications. Policies were required to include a manditory filter specfying the default "User Interactive" filter to only apply to "User Interactive" applications.
7.1 SP3 and beyond Policy Enforcement Behavior
A new option "Applies to All Policies" has been introduced for Application Control Policies, which defaults to false. Unless checked Application Control Policies will only be applied to User Interactive processes.
Reasons for change
In dealing with support issues for Application Control a substantial and ongoing theme is the application of Application Control Policies to non user interactive processes, and the subsequent unintended consequences.
In evaluting the best way to help protect Application Control users from unintended consequences, it was decided to default enforcement of policies to just user interactive processes.
Required Changes
Any existing policies that are meant to be applied to all processes must be modified to set the "Applies to all processes" option available in the "Policy Enforcement" tab.
Licensing
Changes have been made to how Arellia licenses its products.