Application Actions
The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environment in which the application will run or be restricted.
To access the Application Actions:
- Go to Arellia Security Manager and click on the Policies tab
- Select Policies > Arellia > Application Control > Windows > Application Control Tasks > Application Actions
The default application actions are described in detail in the following table:
| Action | Description |
|---|---|
| Active X Installer | The ActiveX installer action allows an application (for example, Internet Explorer) to automatically install ActiveX components at an elevated privilege level. ActiveX components are reported by the File Inventory "Com Component Inventory" policy, which reports on downloaded ActiveX components. |
| Application Metering | The Application Metering action meters the usage of applications. It reports the usage according to the Application Control agent's "Send Events" configuration option. There are no configurable options for this action. |
| Deny File Access | |
| Deny Read/Write Access To Microsoft Office Documents | Deny read or write access to Microsoft* Office documents by selecting the appropriate check box. Filter the application by: |
| Deny Write Access to Executable Files | Deny write access to common executable files. Filter the application by: |
| New Deny File Access Action | Deny a file read or write access by selecting the appropriate check box. Filter the application by: |
| Encrypt Application Files | |
| Encrypt Common Application Documents | Encrypt an application's documents. Filter the application by: |
| Encrypt Microsoft Office Documents | Encrypt Microsoft Office documents. Filter the application by: |
| Messages | |
| Deny Execute Message | Configure this message to appear when a user attempts to run a certain application. You can configure: |
| Deny Files Read and Write Access Message | Configure this message to appear when a user has read or write restrictions on a certain application. You can configure: |
| Limit Process Rights for New Applications Message | Configure this message to appear to the user informing them that an application has had its rights reduced. This message is configured the same as Default Deny Execute Message, above. |
| Quarantine Message | Configure this message to appear when you have quarantined an application. This message is configured the same as Default Deny Execute Message, above. |
| Remove Rights Message | Configure this message to appear when you have restricted a user's rights on an application. This message is configured the same as Default Deny Execute Message, above. |
| SVS Global Layer User Message | Configure this message to appear when a user opens an application placed into the global virtualization layer. This message is configured the same as Default Deny Execute Message, above. |
| SVS Isolation Layer User Message | Configure this message to appear when a user opens an application placed into the isolation virtualization layer. This message is configured the same as Default Deny Execute Message, above. |
| Windows Hooking Message | Configure this message to appear when you prevent an application from starting, as the software may attempt to perform a restricted operation. You can configure: |
| New Display user Message Action | Configure a new message to appear when a certain action is performed. This message is configured the same as Default Deny Execute Message, above. |
| Process Rights | |
| Add Administrative Rights | This action elevates the permissions and privileges held by a process security token. By default, each process a user launches inherits the user's security token. You can configure: |
| Remove Administrative Rights | This action is the same as Default Add Administrative Rights except Restrict is enabled by default. |
| Quarantine | |
| File Quarantine | Create a quarantine path for applications. You can: |
| New File Quarantine | Create a new quarantine path for applications. You can: |
| SVS Layers | |
| Application Control SVS Global Layer | Create an SVS layer that certain applications must run under. You can: |
| Application Control SVS Isolation Layer | Create an SVS layer that certain applications must run under. You can: |
| New Apply SVS Layer Action | Create a new SVS layer that certain applications must run under. You can: |
| Deny Execute | Prevent a managed computer from executing an application. Enter an action name and description in the appropriate fields. |
| Deny Windows Hooking | Prevent applications from hooking into Windows functions. Enter an action name and description in the appropriate fields. |