Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Application Whitelisting

Application whitelisting is a computer administration practice used to define what applications are trusted and allowed to run. This technique is often used hand-in-hand with application orangelisting and blacklisting which targets the unknown, unwanted, or untrusted software. 

Application whitelisting allows only trusted software to run on your networkendpoints, which protects your network from malware threats.endpoints from unlicensed, unwanted, and malicious software. Arellia's Application Control Solution allows you to manage applications on your network flexibly in a flexible waylarge, distributed client environment by putting:

  • Put known trusted software applications in a Whitelistwhitelist
  • Put potentially trusted software applications in an Orangelist orangelist (also known as a graylist)
  • Put everything else in a Blacklist everything else in a blacklist

Multiple Whitelists

We recommend creating separate whitelists for all the separate departments within your organization. Why? Because not all departments need the same applications on their whitelist, and multiple whitelists are easier to manage than one master whitelist that includes every trusted application in your environment.

Building an Initial Whitelist

A common approach to building an initial whitelist is to put all of the trusted applications in a whitelist and move everything else automatically to a blacklist, but only our most experienced customers should try this approach because it results in denials of service and angry users. 

The standard operating system image(s) can be leveraged to build an initial whitelist. Add to that all packages in the IT delivered software repository, which can also be added to a whitelist. Applications can also be trusted by owner, digital certificate, vendor, location, etc. 

 

In order to implement a whitelisting set of policies:

...

 The Application Control Solution allows you to add applications to your whitelist using the following attributes:

  • Reference systems
  • Managed software
  • File ownership
  • Digital signature
  • Vendor
  • Locations

Creating a whitelist that targets applications by filehash is not very manageable because every time an application is updated the file hash changes, and you will then have to re-add it to the whitelist policy.

We recommend targeting applications on your whitelist according to their digital signature. This results in a dynamic whitelist, because when these applications are updated the digital signature does not change as often and the application will remain on the whitelist.

Whitelist Software Delivery Packages

Create a Reference System Whitelist Policy