Versions Compared

Old Version 2

changes.mady.by.user Max Pinion (Deactivated)

Saved on

compared with

New Version Current

changes.mady.by.user Max Pinion (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
top
top
What's

...

covered

Create a Resource Target

Create a File Scan Policy

Create a File Parameter Selection

Create a Whitelist Policy

 

This document shows you how to create a whitelist policy for your reference system that targets a collection of computers, searches for Windows executables, and then adds any Windows executables to a whitelist.

Anchor
ResourceTarget
ResourceTarget
Create a

...

resource target

First you will need to create a resource target that contains the desired reference system(s). To create a resource target, do the following steps:

  1. In the Thycotic Security Manager Console, click the Resources tab.
  2. In the left pane, click Resource Filters.
  3. Right-click the Resource Target folder.
  4. Click New > Resource Targets > Resource Target.
    Image RemovedImage Added
  5. Enter a name and description.
  6. Click OK.
    Image RemovedImage Added
  7. In the right pane under Filtering Rules, click the Add rule button.
    Image RemovedImage Added
  8. In the Then menu, "excludes computers not in" will be the default. 
  9. In the menu just to the right of the Then menu, choose Computer List.
  10. Then click Select.
    Image RemovedImage Added
  11. In the Select Item window that opens, click the computer resources that represent your reference system(s).
  12. Click OK.
    Image Removed

...


  1. Image Added

top

Anchor
FileScan
FileScan
Create a

...

file scan policy

Now that you have your targeting established you can create a file scan policy to add files to your whitelist.

  1. In the Thycotic Security Manager Console, click the Policies tab.
  2. In the left pane, navigate to the Arellia Thycotic Solutions > File Inventory > Policies folder.
  3. Right-click the Policies folder and click New > General Scheduled Client Task.
    Image RemovedImage Added
  4. In the Create Item dialog box, give the task a name and description.
  5. Under Client Command, click the Select link.
    Image Removed
    Image Added

  6. In the Client Command dialog box, click File Scan Command.
  7. Click OK.
    Image Removed
    Image Added

  8. Under Resource Targets, click the All Managed Computers (Target) link.
  9. In the Resource Targets dialog box, choose the endpoints you want to include in the policy.
  10. In the Create Item dialog box, click OK.
  11. Configure the new policy settings as follows:
    1. Turn on the new policy.
    2. Under File Specifications choose Executables in Windows Directories.
    3. Under Reporting Specifications choose Executions in Windows Directories not present in Security Catalogs.
    4. Configure the schedule interval for how often the file scan will execute.

      Note: During the initial testing phase the file scan can be started manually using Windows Task Scheduler on the reference system.

      Image RemovedImage Added

  12. Click Save.

[REVIEW] Manually Create a Reference System Whitelist Policytop

Anchor
Parameters
Parameters
Create a

...

file parameter collection

Once the file scan has run on the reference system(s) you will have a list of all executables in the Windows directories that are not contained in a security catalog.

...

Create a file parameter collection by doing the following steps:

  1. In the Thycotic Security Manager Console, click the Policies tab.
  2. In the left pane, navigate to the Arellia Solutions to the Thycotic Solutions > Application Control > Filters > Inventory Filters.
  3. Right-click the Inventory Filters folder.
  4. Click New > File Scan Results Filter (Policy).
    Image RemovedImage Added
  5. Give the filter a name and optional description.
  6. Click OK.
    Image Removed
    Image Added

  7. In the Right pane, set the Data Source to the new policy.
  8. Next to Reporting Filter click the Select link and choose the reporting filter you configured in the previous steps.
  9. Under Results click Included.
  10. Click Save.
    Image Removed

...


  1. Image Added

top

Anchor
Whitelist
Whitelist
Create a

...

whitelist policy

When you have completed the previous steps, put them all into a Reference System Whitelist Policy reference system whitelist policy by doing the following steps:

  1. In the Thycotic Security Manager Console, click the Policies tab.
  2. In the left pane, navigate to Arellia Thycotic Solutions > Application Control > Policies > Whitelisting.
  3. Right-click the Whitelisting folder.
  4. Click New > Blank Application Control Policy.
    Image RemovedImage Added
  5. Give the policy a name and optional description.
  6. Click OK.
    Image Removed
    Image Added
     
  7. In the Applications to Control tab, click the Select Applications to control... link.
  8. In the Select Items dialog box that opens, select the file parameter collection you created previously.
  9. In the Policy Enforcement tab, set the Policy priority at a number lower than your orangelist or deny policy priorities.
  10. Ensure that Continue enforcing policies after enforcing this policy is unchecked.
  11. Click Save.

[REVIEW] Manually Create a Reference System Whitelist Policytop

You now have a working reference system whitelist policy configured.

...

Whitelisting