Versions Compared

Old Version 7

changes.mady.by.user Anonymous

Saved on

compared with

New Version Current

changes.mady.by.user Max Pinion (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info
titleSummary

Excerpt

This action allows a process to be protected from most tampering by users.

Note
titleIntroduced in 7.1 SP3

This feature was Introduced in version 7.1 SP3

Adjust Process Security

In Arellia Application Control Solution 7.1 SP3 the ability to adjust process security was added. This feature Adjusting Process Security allows a process to be protected from most tampering by users. For  For example, it can be used to adjusting process security can restrict who can stop a process from the task manager. It is also recommended that all adjusting of We recommend that you adjust process security is done in a test environment before you deploy it is deployed to the production environment.

...

To include a Process Security Descriptor action in an Application Control policy, you must create a security descriptor and a process security action.

Create a Security Descriptor

The Security Descriptor defines who has what rights to the process that is started.

Image Removed

From the "As shown in the following screenshot, you can create a new Process Security Descriptor by clicking Security Descriptors - User Defined" (Under Policies) we can create a new Process Security Descriptor where we will .

Image Added

 

Then define what rights each user or group has to the process. (It is , as shown in the following screenshot.

Warning
titleCaution

We strongly recommended that

...

you always set System has Full Control

...

Image Removed

...

in the security descriptor settings.

 

Image Added

For detailed instructions about how to create a security descriptor, go to Security descriptors.

Create a Process Security Action

The A Process Security Action is what Descriptor action applies the restrictions to the process when it is created. Image Removed
After creation of the new ". To create a Process Security Descriptor action, do the following steps:

  1. In the Policies tab of the Security Manager Console, right-click the Process Security folder.
  2. Click New > Set Process Security Descriptor Action

...

Create a new Application Control Policy

...

  1. .
    Image Added
  2. Create a name for the new Process Security Descriptor Action.
  3. Click the Select... link.
    Image Added 
  4. Click the Security Descriptor that you want to attach the new action to.
    Image Added
  5. Click Save

The new action appears in the list of actions available in the Process Security folder. It is now available to include in an Application Control policy. For details about creating an Application Control policy, go to Create Application Control Policies.

Policies