Application Actions
The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environment in which the application will run or be restricted.
To access the Application Actions:
- In the Symantec Management Console, on the Home menu, click Arellia > Application Control. In the left pane, select Policies > Application Control > Application Control Tasks > Application Actions. Once you are in Arellia, select the Policies tab.
- Select Application Control > Actions
The default application actions are described in detail in the following table:
Action | Description
---|---
Active X Installer | The ActiveX Installer action allows an application (for example, Internet Explorer) to automatically install ActiveX components at an elevated privilege level. ActiveX components are reported by the File Inventory "Com Component Inventory" policy, which reports on downloaded ActiveX components.
Application Metering | The Application Metering action meters the usage of applications. It reports the usage according to the application control agent "Send Events" configuration option. There are no configurable options for this action.
Deny File Access |
Deny Read/Write Access To Microsoft Office Documents Document Files | Deny read or write access to Microsoft Office documents by selecting the appropriate check box. Filter the application by:
Deny Write Access to Executable Files | Deny write access to common executable files. Filter the application by:
New Deny File Access Action | Deny a file read or write access by selecting the appropriate check box. Filter the application by:
Encrypt Application Files |
Encrypt Common Application Documents | Encrypt an application's documents. Filter the application by:
Encrypt Microsoft Office Documents | Encrypt Microsoft Office documents. Filter the application by:
Environment Variables | This action will set a specified environment variable with a specific value.
Execute Application | This action will execute a specific application with commands.
Messages |
Advanced | New to SP3
Application Denied Message | This action will deny an application from being run and display a dialog window that explains why this application is denied, along with a link to the company's policy page.
Application Warning Message | This action will allow an application to run after displaying a dialog window that warns the user that this application has not been approved yet.
Justify Application Elevation Message | This action will cause a dialog window to appear after a user requests to run a program as an administrator. The user will then need to justify why they need admin rights for that application. This justification will then appear in reports on the Notification Server.
Justify Application Message | This action will allow an application to run after displaying a dialog window that has the user justify why they need to run this application. This justification will then appear in reports on the Notification Server.
Basic |
Deny Execute Message | Configure this message to appear when a user attempts to run a certain application. You can configure:
Deny Files Read and Write Access Message | Configure this message to appear when a user has read or write restrictions on a certain application. You can configure:
Limit Process Rights for New Applications Message | Configure this message to appear to the user informing them that an application has had its rights reduced. This message is configured the same as Default Deny Execute Message, above.
Quarantine Message | Configure this message to appear when you have quarantined an application. This message is configured the same as Default Deny Execute Message, above.
Remove Rights Message | Configure this message to appear when you have restricted a user's rights on an application. This message is configured the same as Default Deny Execute Message, above.
SVS Global Layer User Message | Configure this message to appear when a user opens an application placed into the global virtualization layer. This message is configured the same as Default Deny Execute Message, above.
SVS Isolation Layer User Message | Configure this message to appear when a user opens an application placed into the isolation virtualization layer. This message is configured the same as Default Deny Execute Message, above.
Windows Hooking Message | Configure this message to appear when you prevent an application from starting, as the software may attempt to perform a restricted operation. You can configure:
New Display user Message Action | Configure a new message to appear when a certain action is performed. This message is configured the same as Default Deny Execute Message, above.
My Actions | This action folder can be used to store actions that are created by you.
Process Rights |
Add Administrative Rights | This action elevates the permissions and privileges held by a process security token. By default, each process a user launches inherits the user's security token. You can configure:
Remove Administrative Rights | This action is the same as Default Add Administrative Rights except Restrict is enabled by default.
Process Security | New to SP3
Locked down Service Process Security Descriptor | This action is used to lock a process down according to a Security Descriptor when the process is started.
Quarantine |
File Quarantine | Create a quarantine path for applications. You can:
New File Quarantine | Create a new quarantine path for applications. You can:
Workspace Virtualization Layers |
Application Control SVS Global Layer | Create an SVS layer that certain applications must run under. You can:
Application Control SVS Isolation Layer | Create an SVS layer that certain applications must run under. You can:
New Apply SVS Layer Action | Create a new SVS layer that certain applications must run under. You can:
Deny Execute | Prevent a managed computer from executing an application. Enter an action name and description in the appropriate fields.
Deny Windows Hooking | Prevent applications from hooking into Windows functions. Enter an action name and description in the appropriate fields.