...
| Anchor | ||||
|---|---|---|---|---|
|
Create a File Parameter Selection
This document shows you how to create a whitelist policy for your reference system that targets a collection of computers, searches for Windows executables, and then adds any Windows executables not currently in a security catalog to a whitelist. You will also add applications already included in a security catalog to the whitelist.
Resource Target
adds any Windows executables to a whitelist.
| Anchor | ||||
|---|---|---|---|---|
|
First you will need to create a resource target that contains the desired reference system(s).
...
To create a resource target, do the following steps:
- In the Security Manager Console, click the Resources tab, expand the .
- In the left pane, click Resource Filterssection.
- Right click on Collections > Arellia > Application Control > Reference Systems and create a new Resource Target
- Supply a name and optional description and click OK
- Once the target configuration page is presented click on -click the Resource Target folder.
- Click New > Resource Targets > Resource Target.
- Enter a name and description.
- Click OK.
- In the right pane under Filtering Rules, click the Add rule buttonCreate a rule that starts with all computers and then excludes computers not in Computer List and then select the .
- In the Then menu, "excludes computers not in" will be the default.
- In the menu just to the right of the Then menu, choose Computer List.
- Then click Select.
- In the Select Item window that opens, click the computer resources that represent your reference system(s) .
- Click SaveOK.
| Anchor | ||||
|---|---|---|---|---|
|
Now that you have your targeting established you can create the a file scan policy to populate the list of whitelisted files
...
add files to your whitelist.
- In the Security Manager Console, click the Policies tab.
- In the left pane, navigate to the Arellia Solutions > File Inventory > Policies folder and create a new Policies folder.
- Right-click the Policies folder and click New > General Scheduled Client TaskGive .
- In the Create Item dialog box, give the task a name and optional description
- Set the client command to File Scan Command
- Set the resource target to the target created in the section above
- Click OK Configure the description.
- Under Client Command, click the Select link.
- In the Client Command dialog box, click File Scan Command.
- Click OK.
- Under Resource Targets, click the All Managed Computers (Target) link.
- In the Resource Targets dialog box, choose the endpoints you want to include in the policy.
- In the Create Item dialog box, click OK.
- Configure the new policy settings as follows:
- Turn on the new policy.
- Under File Specifications: choose Executables in Windows Directories.
- Under Reporting Specifications: choose Executions in Windows Directories not present in Security Catalogs.
- Configure the schedule interval for how often the file scan will execute.
Note
- : During the initial testing phase the file scan can be started manually using Windows Task Scheduler on the reference system.
- Click Save.
Anchor Parameters Parameters
Create a File Parameter Collection
| Parameters | |
| Parameters |
Once the file scan has run on the reference system(s) you will have a list of all executables in the Windows directories that are not contained in a security catalog.
...
You can create a file parameter collection that contains this list of files which can then be used in a whitelist policy
...
.
Create a file parameter collection by doing the following steps:
- In the Security Manager Console, click the Policies tab.
- In the left pane, navigate to the Arellia Solutions > Application Control > Filters > Inventory Filters.
- Right-click the Inventory Filters folder.
- Click New > File Parameter Collections folder and create a new File Scan Results Filter (Policy).
- Give the filter a name and optional description.
- Click OK.
Configure the parameters to reflect the File Scan policy settings- Set the File Scan Policy to the policy created in the above steps
- Set the Reporting Filter to the same one that was configured in the above steps
- Set the Results to be Included
- Click Save
Whitelist Policy
...
- In the Right pane, set the Data Source to the new policy.
- Next to Reporting Filter click the Select link and choose the reporting filter you configured in the previous steps.
- Under Results click Included.
- Click Save.
| Anchor | ||||
|---|---|---|---|---|
|
When you have completed the previous steps, put them all into a Reference System Whitelist Policy .
...
by doing the following steps:
- In the Security Manager Console, click the Policies tab.
- In the left pane, navigate to Arellia Solutions > Application Control > Policies > Whitelisting folder and create a new Whitelisting.
- Right-click the Whitelisting folder.
- Click New > Blank Application Control Policy.
- Give the policy a name and optional descriptionSet the Applications to .
- Click OK.
- In the Applications to Control tab, click the Select Applications to control... link.
- In the Select Items dialog box that opens, select the file parameter collection you created abovepreviously.
- Under In the Policy EnforcementSet the Policy priority to be tab, set the Policy priority at a number that is lower than your orange list / orangelist or deny policy priorities.
- Ensure that Continue enforcing policies after enforcing this policy is unchecked.
- Click Save.
You now have a working reference system whitelist policy configured.