Sample Scenarios
This section describes some useful tasks you can create with Application Control
Solution.
Task
...
prerequisites
Ensure the following Application Control policies are enabled:
...
- The Default File Inventory Policy with its default configuration. See File
Inventory Agent Configuration (page 41).
Scenarios
- Whitelisting Software Packages (page 48)
- Whitelisting Reference Systems (page 49)
- Restrict an Application's Process Rights (page 50)
- Automate Document Encryption (page 50)
- Prevent Malicious Applications from Running (page 51)
- Prevent Read/Write to File Types or Network Locations (page 52)
- Run an Application in an SVS Layer (page 53)
- Quarantine Files (page 53)
Altiris Application Control Solution Help 51
Run an Application in an SVS Layer
This scenario shows you how to capture application data in a Software Virtualization
Solution layer.
Scenario Description
In this scenario, the end user has the following installed:
? Microsoft Word
Scenario Resolution
1. On the managed computer, create the Microsoft Word document
C:\document\important document.doc.
2. In the Altiris Console, select the Tasks tab.
3. In the left pane, select Tasks > Security Management > Application Control >
Windows > Application Control Tasks > Manage Applications.
4. In the right pane, click ? and select Run an application in an SVS layer.
5. In Step 1 of the Application Control Wizard, click Next.
6. In Step 2, select MS Word as the Include Filter.
7. In Step 3, configure the policy details as follows, and click Finish:
? Select Enable.
? Name - Run Microsoft Word in an SVS layer.
? Description - Capture Microsoft Word data in an SVS layer.
8. In Microsoft Word, create a document and save it to C:\document\suspect document.doc.
9. Close Microsoft Word.
10. Verify the document is not visible in Windows Explorer; it has been isolated by the layer.
11. Disable the policy and attempt to open the document. The document will no longer exist as the layer is no longer active for Microsoft Word.
Quarantine Files
This scenario shows you how to quarantine a known malicious application.
Altiris Application Control Solution Help 53
Scenario Description
Copy and rename cmd.exe: "C:\Virus\malicious application.exe".
Scenario Resolution
1. On the managed computer, create the Microsoft Word document
C:\document\important document.doc.
2. In the Altiris Console, select the Tasks tab.
3. In the left pane, select Tasks > Security Management > Application Control >
Windows > Application Control Tasks > Manage Applications.
4. In the right pane, click ? and select Quarantine an application policy.
5. In Step 1 of the Application Control Wizard, click Next.
6. In Step 2, click the Include link.
7. In the Items Selector dialog, click ? , and select Dynamically Evaluated Filters
> Win32 Executable File Filter.
8. In the Win32 Executable File Filter dialog, enter the following in the appropriate fields:
? Name - Quarantine Malicious Applications
? File Name - Malicious application.exe
9. Click Apply and close the dialog.
10. In the Items Selector dialog, click ?, select the newWin32 Executable File
Filter, and click Apply.
11. In Step 3, Enable the policy, configure the policy as follows, and click Apply:
? Name - Quarantine Malicious Applications.
? Description - This is a sample policy for demonstrating the quarantine capabilities of Application Control Solution.
12. Run malicious application.exe on the managed computer.
13. A message appears and the file is moved to C:\quarantined files.
| Child pages (Children Display) |
|---|