Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

What is Application Blacklisting?

Application Blacklisting prevents unwanted applications from running in your environment, which protects your network from malware threats.

Arellia's Application Control Solution allows you to manage applications flexibly in a large, distributed client environment by putting:

  • known trusted applications in a whitelist
  • potentially trusted applications in an orangelist (also known as a graylist)
  • everything else in a blacklist

Bl is software you don’t want on your environment. You don’t necessarily bl base on file hashes or dig sig, but things like games, exe’s that are signed using bad dig sigs, apps that. . .target bad exe’s based on generic exe info and internal product names, it’s well known and you don’t want running in your environment. Bl policies are at P1. You don’t want to deny exe starting off – you want to monitor environment to monitor what should be on whitelist so you don’t end up causing everything not to exe. 

Automated blacklists are problematic, as they will break common functionality. 

 Exception Blacklisting should only be implemented after much analysis, end user education, and policy refinement. An exception blacklist will block any software that is not covered by Whitelist or Orangelist policies. 

Blacklisting Exceptions

Exception policy. . .this approach is a good initial step when rolling out policies as often times you don’t know what applications are actually exceptions. A policy will be created to blacklist or deny any policies that didn’t meet the Whitelist or Orangelist criteria. Prevent unnecessary helpdesk calls, create a custom message for the blacklist policy. 

 

  • No labels