Versions Compared

Old Version 4

changes.mady.by.user Max Pinion (Deactivated)

Saved on

compared with

New Version Current

changes.mady.by.user Max Pinion (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Arellia Application Control Solution can set the token of a process, which can then be used to ensure that the process is denied access to internet protected resources protects resources such as files, folders, domain resources, spawning additional applications, etc. 

Info

Introduced in Arellia 8.0

Steps

or domain resources from Internet applications.

First decide what application(s) you'd like to classify as "Internet Applications", for this demonstration ; in the following example we will use Internet Explorer.

  1. In the Thycotic Security Manager Console, click the Policies tab.
  2. In the file library in the left pane, navigate to Policies > Arellia Thycotic Solutions > Application Control > Actions > Application Classifications. 
  3. Right-click Application Classifications and select click New > Application Classification 
  4. Set the name and Application Classification to "InternetApp"
    Image Removed
  5. Navigate to Policies > Arellia Classification.  
  6. Enter a Name and Description, and then click OK.
  7. In the file library in the left pane, navigate to Policies > Thycotic Solutions > Application Control > Policies.
  8. Right-click Policies and select click New > Blank Application Control Policy.
  9. Set the Applications to control to the applications chosen in step 1
    Image Removed
  10. Then select the Application Actions tab and set Image Added
  11. In the right pane under the Applications to Control tab, next to Applications click the Select link and choose the action you created previously.
    Image Added
  12. Click the Application Actions tab.
  13. Next to Applications, click the Select link. 
  14. Set the action to the InternetApp Classification Action from step 3
    Image Removed
  15. Save the policy

 

  1. you created previously.
  2. Click Save.

As soon as the policy is downloaded by an endpoint, the targeted application(s) will have an additional process token set to "Application Classification\InternetApp." . You can then create additional application control policies to target that token and deny the process from creating new processes, or you can set ACLS on folders and files to deny the targeted application from having access. 

...