What is Application Orangelisting?
Application orangelisting takes action on applications that you have not explicitly trusted in your environment in an attempt to mitigate exposure to malware. Orangelisting is a dynamic method of managing applications that are not included on the whitelist or the blacklist. Orangelisting allows potentially trusted applications to run securely.
Arellia's Application Control Solution allows you to manage applications flexibly in a large, distributed client environment by putting:
- known trusted applications in a whitelist
- potentially trusted applications in an orangelist (also known as a graylist)
- everything else in a blacklist
You can use a second attribute from the preceding list for whitelisted applications that fall out of the whitelist range and into the orangelist. Whitelisted applications can also be added to the orangelist. Unknown software often falls between black and white, which is where an orangelist approach makes sense.
Instead of automatically blacklisting an unknown application, you can apply a flexible policy that includes one or more actions, such as running with demoted privileges, running read-only, notifying end users of corporate policy, or running in a virtual layer. You can place potentially trusted applications in an orangelist, and in some cases this can be the only other policy. Because the application's impact on the operating system and other software is limited, end users can use a piece of software while IT reviews it for blacklisting or whitelisting at a later date. At that later date, the software could be permanently allowed, denied for risk or legal reasons, or moved to a permanent orangelist.
Orangelist: Potentially trusted applications need to run, but with fewer rights.
Orangelisting by Trusted Location
Most software environments are dynamic, resulting in situations that are not necessarily black and white. Many whitelisting solutions automatically blacklist any software that isn't in a whitelist. While this is achievable with Application Control Solution, Arellia's experience is that this approach results in denials of service and angry users. To protect against a changing environment, orangelisting (also known as graylisting) should be used for applications that are potentially trusted but not in a whitelist.
Orangelists should target trusted software on a dimension different from the one the whitelist uses. One approach could be to trust software from certain vendors, certain digital signatures, or certain locations.
Orangelist policies have actions other than allowing or denying execution. They are a dynamic mitigation against potential threats, and that's where zero-day protection comes into play.
Orangelisting actions:
- Limit file access
- Reduced process rights
- Virtualized execution
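The three-tier decision described above, sketched as an added example; this is not Arellia's code or configuration format. The list contents, action names and the `App`, `in_trusted_location` and `classify` names are hypothetical, and checking the blacklist before the whitelist is an assumption.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample policy data; every value here is hypothetical.
WHITELIST_HASHES = {"a" * 64}            # known trusted binaries (SHA-256)
BLACKLIST_HASHES = {"b" * 64}            # explicitly denied binaries
TRUSTED_SIGNERS = {"Example Vendor Inc."}
TRUSTED_LOCATIONS = [r"C:\Program Files", r"D:\CorpApps"]
ORANGE_ACTIONS = ("limit_file_access", "reduce_process_rights", "virtualize")


@dataclass(frozen=True)
class App:
    path: str
    sha256: str
    signer: Optional[str] = None         # verified publisher, None if unsigned


def _parts(path: str) -> tuple:
    # Windows paths are case-insensitive, so compare lower-cased components.
    return tuple(part.lower() for part in PureWindowsPath(path).parts)


def in_trusted_location(path: str) -> bool:
    parts = _parts(path)
    if ".." in parts:                    # refuse traversal out of a trusted root
        return False
    # Match whole components so "C:\Program Files Evil" does not pass as
    # "C:\Program Files", which a plain string-prefix test would allow.
    return any(parts[:len(root)] == root
               for root in map(_parts, TRUSTED_LOCATIONS))


def classify(app: App) -> tuple:
    """Return (list_name, actions) for one application."""
    if app.sha256 in BLACKLIST_HASHES:   # assumption: explicit deny wins
        return "blacklist", ("deny",)
    if app.sha256 in WHITELIST_HASHES:
        return "whitelist", ("allow",)
    # Orangelist trusts on a different dimension than the hash whitelist.
    if app.signer in TRUSTED_SIGNERS or in_trusted_location(app.path):
        return "orangelist", ORANGE_ACTIONS
    return "blacklist", ("deny",)        # everything else
```

Location-based trust is only as strong as the write permissions on those directories, so the trusted roots should be ones standard users cannot write to.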