Index

Space Index

0-9 ... 0 A ... 24 B ... 0 C ... 7 D ... 3 E ... 7
F ... 6 G ... 2 H ... 2 I ... 5 J ... 0 K ... 0
L ... 1 M ... 3 N ... 2 O ... 1 P ... 5 Q ... 1
R ... 10 S ... 6 T ... 3 U ... 1 V ... 0 W ... 2
X ... 0 Y ... 0 Z ... 0 !@#$ ... 0    

0-9

A

Page: ACS features and functions
This chapter covers the most common tasks when working with Application Control Solution. Creating Application Policies Creating Application Actions Creating application filters A full history of when particular features were introduced can be found here
Page: ACS installation
This chapter details the installation requirements and procedures for Application Control Solution. Prerequisites The following software must be installed before installing Application Control Solution on Notification Server: Altiris® Notification Server™
Page: Adjust process security
This action allows a process to be protected from most tampering by users. This feature was Introduced in version 7.1 SP3 Adjust process security In Arellia Application Control Solution 7.1 SP3 the ability to adjust process security was added. This featur
Page: Advanced feedback message
This feature was introduced in 7.1 SP3. This feature requires that the Microsoft .Net Framework is installed on client machines. Advanced Feedback Messages are used to collect justifications from the end user. These justifications can be for a request to
Page: Advanced user message action
These skinnable message actions can be used to inform users of company policy This feature was introduced in 7.1 SP3. This feature requires that the Microsoft .Net Framework is installed on client machines. There are four types of advanced feedback messag
Page: Analyzing application compatibility testing logs
This feature was introduced in 7.1 SP3. After using the Application Compatibility Testing action the Application Verifier Logs in Reports > Arellia > Application Control will show all events from the Microsoft Application Verifier. appcombat-logs.png Righ
Page: Application actions
The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environment in which the appl
Page: Application actions summary
The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environment in which the appl
Page: Application compatibility
Application Compatibility functionaly was first introduction in Application Control 7.1 SP3 When addressing application compatibility issues in preparation for a deployment of Windows® 7, among the most flexible and powerful tools available are applicatio
Page: Application compatibility action
Application Compatibility Action applies the dynamic application of Microsoft Application Compatibility Shims to the target process. This feature was Introduced in version 7.1 SP3 This feature only functions on 6.X OS Versions (Vista, Windows 2008, Window
Page: Application compatibility filter
Performs Application Compatibility tests as to whether a program is deemed to require specific security rights, or is an Application Setup This feature was introduced in version 7.1 SP3 This feature only functions on 6.X OS Versions (Vista, Windows 2008,
Page: Application Compatibility Testing action
Performs Standard User Analysis on the target process This feature was Introduced in version 7.1 SP3 This feature has no configurable properties and a single default instance is present The Application Compatibility Testing action leverages Microsoft LUA/
Page: Application control
To locate these reports: Once you are in Arellia > Application Control select the Reports tab Select Application Control reports.PNG The report categories installed are: Report Type Included Reports ActiveX Control ActiveX Controls Computers with ActiveX
Page: Application Control Agent Configuration
This policy lets you configure general parameters that control the behavior of the Application Control Agent. To access this page: Once you are in Arellia select the Configuration tab Select Settings > Agents/Plug-ins > Arellia > Application Control > App
Page: Application Control Agent for Windows
Application Control Agent for Windows See Application Control Agent Configuration http://portal.arellia.com/wiki/display/ACS71DOC/Application+Control+Agent+Configuration Application Control Agent Uninstall http://portal.arellia.com/wiki/display/ACS71DOC/A
Page: Application Control Agent package page
This page lets you create a package used by Application Control Agent installation policies as needed when performing an agent rollout or uninstallation. Generally, we recommend not changing any settings to this package. Navigate to Settings > Agents/Plug
Page: Application Control Agent rollout
This is a generic policy that can be used for several things, including agent rollout and uninstallation, and solution agent rollout, upgrade, and uninstallation. To access the rollout page: Once you are in Arellia > Application Control select the Configu
Page: Application Control Agent uninstall
To access this page: Once you are in Arellia > Application Control select the Configuration tab Select Application Control Agent For Windows > Application Control Agent Uninstall Choose which agent you wish to uninstall Select Uninstall Application Contro
Page: Application Control policy quick start
Creating an Application Control policy Application Control policies determine whether certain actions run before an end user can run an application. For example, a policy might deny an application the ability to execute or quarantine the application when
Page: Application Control Policy wizard
The policy wizard simplifies creation of common types of Application Control policies The Application Control Wizard was introduced in 7.1 SP1 The Application Control wizard is accessible via the Actions section in the top right of the Arellia Console Hom
Page: Application Control Solution (ACS) user interface
The Software Management folder is shared with the Altiris® Patch Management Solution™ software, Altiris® Software Virtualization Solution™ software, and Altiris® Software Delivery Solution™ software. When Application Control Solution is installed, folders
Page: Application filters summary
An application filter defines the applications (groups of files) that can be restricted by an Application Control Policy. There are three types of filters - Dynamic, File and Inventory. They, along with their subtypes are listed below: Dynamic Filters -
Page: Arellia infrastructure
See Gauges http://portal.arellia.com/wiki/display/ACS71DOC/Gauges Report Queries http://portal.arellia.com/wiki/display/ACS71DOC/Report+Queries Resource Discovery http://portal.arellia.com/wiki/display/ACS71DOC/Resource+Discovery Product licenses
Page: Automate Document Encryption
This section describes the process involved in automatic document encryption. For this scenario you will create a policy to enforce document encryption for all Microsoft Excel Spreadsheets. Scenario description In this scenario, the end user has: Two user

B

C

Page: Configuration Folder
Configuration Folder See Application Control Agent for Windows http://portal.arellia.com/wiki/display/ACS71DOC/Application+Control+Agent+for+Windows Arellia Infrastructure http://portal.arellia.com/wiki/display/ACS71DOC/Arellia+Infrastructure File Invent
Page: Configuring for a Test Environment
By default Application Control Agent configuration options are not set to readily test configuration changes in a test environment. The following agent configuration allows for accelerated feedback when testing Use Cases. Configure the Application Control
Page: Creating an Advanced Message dialog that uses fading and auto-closes
This feature is only available with Arellia Application Control Agent version 7.1.1685.0 onwards. Open up your Advanced message dialog in the Arellia console. Under the Window Design section of the dialog make the following changes: 1. In the <Window> ele
Page: Creating an Application Control policy
Application Control policies determine whether certain actions run before an end user can run an application. For example, a policy might deny an application the ability to execute or quarantine the application when a user attempts to run the application.
Page: Creating Application Actions
To locate these actions: From the Arellia Console click Policies Select Policies > Arellia > Application Control > Actions a1.PNG Choose the action you want to create: To create an action related to any of the existing action types, in the left pane, righ
Page: Creating Application Control policies
Application Control policies determine whether or not application actions are run before an end user can run an application. We recommend using the Application Control Policy wizard to create policies and to associate actions, filters, and target computer
Page: Creating application filters
To access the Application Filters, do the following steps: Once you are in Arellia > Application Control select the Policies tab Select Application Control > Filters f1.PNG To create an application filter: You can select from a variety of filters from thr

D

Page: Default file inventory policy
The Default File Inventory Policy discovers information about software programs running on managed computers. By default, this runs daily. To manually run the File Inventory Policy on a managed computer at any time, perform the following steps: Enable Pow
Page: Discovered file names appear blank under Altiris console
Issue Some reports when viewed in the Altiris console have a blank file name. The same reports viewed in the Arellia console show the correct file name. This occurs even after a full resource discovery has run successfully for the application in question.
Page: Dynamic Filters
Dynamic Filters are evaluted at runtime and are not tied to the particular application being run but by other factors Types of Dynamic Filters include: Application Context Filters - These filters are evaluated by the Altiris Agent and are used to apply se

E

Page: Elevate Add a Printer from Devices and Printers in Windows 7 for standard users
Issue Standard users in Windows 7 can open the Add a Printer window from Devices and Printers, but after selecting a printer to install they get prompted by User Account Control (UAC) for Administrator credentials. Solution Elevate Standard Users to allow
Page: Elevate Windows backup on Windows Vista and Windows 7
Elevate the built-in Windows backup utility on Windows Vista and Windows 7 operating systems by doing the following steps: From the Home tab in the Arellia Security Manager console, on the upper right, click Create Application Control Policy. Select Eleva
Page: Environment variable action
Sets the Environment of a process to contain the specified Environment Variable. This feature was Introduced in version 7.1 SP3 Environment variable action Sets the Environment of a process to contain the specified Environment Variable. This action can be
Page: Environment Variable Filter
Compares an Environment Variable of a process to a specified value This feature was introduced in version 7.1 SP3 Environment Variable Filter An Environment Variable Filter compares an environment variable of a process to a specified value. Standard Envir
Page: Event summary and acknowledgement
This feature was Introduced in version 7.1 SP3 Event Summary and Acknowledgement provides the ability to review recent Application Control events, acknowledge them, and assign them to a policy. The Event Summary viewer is found under Application Control.
Page: Executable filter
Tests file specifications and/or details contained with the Version Information resource Editing an excutable filter Enter a filter name and description. Enter a File name and File path in the fields provided. (Optional) Click Include subdirectories to fi
Page: Execute application action
Executes another process and optionally wait on that process completion before the original process can execute. This feature was Introduced in version 7.1 SP3 Application Control Solution 7.1 SP3 adds the ability to execute another process and optionally

F

Page: Feature History
7.1 SP1 Feature Additions 7.1 SP2 Feature Additions 7.1 SP3 Feature Additions
Page: File filters
File Filters target the actual executable that is being run, with numerous sub types targeting different aspects of executables Types of File Filters include: Application Compatibility Filters - New to ACS 7.1 SP3 these filters are used to detect administ
Page: File inventory filters
A file inventory filter defines the applications (groups of files) that can be restricted by a file control policy, and the applications (groups of files) that can be restricted by an Application Control Policy. To access file inventory filters: Once you
Page: File inventory reports
To locate these reports: Go to Arellia Security Manager and click on the Reports tab Select Reports > Arellia > File Inventory FI2.png The report categories installed are: Report Category Report Name Agent Information File Inventory Agent Installation S
Page: File owner filter
File Owner Filters target the Security Principal that is listed as the File Owner on NTFS file systems This feature was introduced in 7.1 SP2. Editing a file owner filter You may select multiple Security Principals. If any of the Security Principals match
Page: File scanning policies
File scanning policies scan managed computers for application file types (Example: ITunes files within Windows directories) and reports back to the Notification Server. To create a file scanning policy: Once you are in Arellia select the Policies tab Sele

G

Page: Gauges
Select from the following Gauge choices: Gauge Categories Configuration Product Monitor System Health Vulnerabilities Gauge Queries Computers Guest Account Enabled Percentage of Systems with Guest Account Enabled Windows Patch Compliance By Computer Gaug
Page: Getting started
The Getting started tasks guide you through the basic setup, configuration, and use of Application Control Solution (ACS). You can use the Home page in the Symantec Management Console to access most tasks. The Symantec Management Console is the primary in

H

Home page: Home
Application Control Solution 7.1 product documentation This is the product documentation for the current release of ACS. To find your way around, please use the left panel to browse the document tree or search. Or start at the beginning. If you are lookin
Page: How to prevent User Account Control (UAC) prompts
As of ACS 7.1 specific policies to bypass UAC is not required. Issue When running programs and some system configuration items, Windows Vista and Windows 7 with prompt the user to confirm and/or enter an administrator password. In many cases IT has deter

I

Page: Index
{index}{index}
Page: Installing Arellia products to the Symantec Management Platform (Notification Server)
Arellia 7 products are installed to the Symantec Management Platform via the Symantec Installation Manager. There is an Arellia product listing used to download and install Application Control Solution. Follow the steps in How to install Arellia version 7
Page: Installing the Application Control agent
The Application Control Agent is software that you can install on your managed computers. The agent lets Application Control Solution run policies, manage applications, and run defined actions. You can install the agent from the policies in the Applicatio
Page: Introduction
Introduction Application-level security attack, such as file system corruption, registry corruption, spyware, and keylogging, pose a serious threat to mission critical business operations. Arellia Application Control Solution™ software helps you manage th
Page: Inventory Filters
Inventory Filters are evaluted at runtime and are used to apply Application Control policies for already discovered applications. Types of Inventory Filters include: File Parameter Collections - These filters use the inventory to create file scan results

J

K

L

Page: License reclamation
This application reclaims Application Control licenses from managed computers with no Application Control agents installed. To access this section, go to Arellia Security Manager and click on the Configuration tab Select Settings > Arellia > Application C

M

Page: Manifest filter
Tests whether the application vendor has included a security manifest with the application, and optionally whether specific rights rights required are specified This feature was introduced in 7.1 SP3. The Mainfest Filter tests: whether the application ven
Page: Manual security rating
Manual Security Ratings are generally not used, but are included for backward compatibility with ACS 6.1. Typically combinations of Reference System whitelists, Package Contents whitelists and trust based Dynamic Filters are used instead of manual Securi
Page: Manual security rating filters
Manual Security Ratings are generally not used, but are included for backward compatibility with ACS 6.1. Typically combinations of Reference System whitelists, Package Contents whitelists and trust based Dynamic Filters are used instead of manual Securi

N

Page: Network Location Filter
Applies current network connectivity tests using Windows Network Location Awareness This feature was introduced in 7.1 SP2 This feature only functions on 6.X OS Versions (Vista, Windows 2008, Windows 7) The Network Location Filter works with Windows Netwo
Page: No required input advanced message action
This feature was introduced in 7.1 SP3. This feature requires that the Microsoft .Net Framework is installed on client machines. No required input messages differ from the Advanced Feedback Message Actions because they do not require a justification to co

O

Page: Overview
The Application Control Solution lifecycle is represented by the following graphic: life cycle.jpg File discovery After installing Application Control Solution, you must install the File Inventory Agent on managed computers. Installing the File Inventory

P

Page: Policies folder
The following folders and items are used to create and manage applications: Application Actions http://portal.arellia.com/wiki/display/ACS71DOC/Application+Actions Application Control Policies http://portal.arellia.com/wiki/display/ACS71DOC/Application+Co
Page: Policy priority management
This feature was introduced in version 7.1 SP1 Policy priority management allows for easy visualization and adjustment of ordering of Application Control policies. It is located in Application Control > Policy Priority Management. ppm1.PNG The Policy Prio
Page: Prevent malicious applications from running
This scenario shows you how to prevent the end user from running cmd.exe. Scenario description In this scenario: The end user has run C:\windows\system32\cmd.exe at least once since the Application Control Agent was installed. File Inventory Agent has ret
Page: Prevent Read and Write to File Types or Network Locations
Scenario description In this scenario, the end user has the following installed: Microsoft Word Microsoft Excel Scenario resolution On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc Once you are i
Page: Product licenses
This page displays the currently installed product licenses and allows you to add additional licenses. To access this page: Once you are in Arellia select the Home tab Select View/Install Licenses from the Actions window licenses1.PNG Alternatively to acc

Q

Page: Quarantine files
This scenario shows you how to quarantine a known malicious application. Scenario description Copy and rename cmd.exe: "C:\Virus\malicious application.exe". Scenario resolution On the managed computer, create the Microsoft Word document C:\document\import

R

Page: Report queries
rq1.PNG
Page: Reports folder
This section details the folders and items that Application Control Solution installs on the Reports tab. You can use or edit default reports, or create your own to help you analyze application control information. Reports are created for Application Cont
Page: Resource discovery
See Resource Discovery Agents http://portal.arellia.com/wiki/display/ACS71DOC/Resource+Discovery+Agents Server Discoverers http://portal.arellia.com/wiki/display/ACS71DOC/Server+Discoverers Resource Discovery Update http://portal.arellia.com/wiki/display
Page: Resource discovery agent configuration
The Default Resource Discovery Agent Policy determines the frequency of scanning files for their resource information. Files are inventoried separately at run time or via the file inventory policy. For performance optimization, only file hashes and locati
Page: Resource Discovery Agents
This policy controls how often the File Inventory Agent inventories managed computers and reports back to the Notification Server. To access the Resource Discovery Agents: Once you are in Arellia select the Configuration tab Select Arellia > Infrastructur
Page: Resource discovery update
The Resource Discovery Update page lets you configure the schedule for calculating what Notification Server Resources need additional client or server side discovery. The task enumerates all server and client side Resource Discoverers and either: For Serv
Page: Resource purging
Resource purging The resource purging policy lets you perform a periodic database cleanup and remove any file and digital certificate resources that are no longer associated with any computers. By default, the schedule runs daily. To access and enable thi
Page: Restrict an application's process rights
This scenario describes the process involved in restricting an application's process rights. This sample scenario guides you through the necessary steps, using the default Limit Internet Explorer and Outlook process rights policy. Scenario description In
Page: Reviewing application inventory
After the Application Control Agent has been installed, the solution performs an application inventory. This inventory is gathered by the Default File Inventory Policy and the Default File Discovery Policy. You might want to view a summary of all of the W
Page: Run an application in an SWV layer
This scenario shows you how to capture application data in a Symantec Workspace Virtualization layer. Scenario description In this scenario, the end user has the following installed: Microsoft Word Scenario resolution On the managed computer, create the M

S

Page: Self-Elevation
This feature was Introduced in version 7.1 SP3 Self-Elevation Self-Elevation was introduced in 7.1 SP3 as a way to enable the end user to request elevation to install or run applications. To enable Self-Elevation: Enable Self-Elevation in the Application
Page: Self-elevation without adding Administrator rights
This feature was Introduced in version 7.1 SP3. Using the default Self-Elevation, applications are launched with administrator rights after a justification is given. The following steps will allow a user to request elevation, but not add administrator rig
Page: Server discoverers
To access the server discoverers page: Once you are in Arellia select the Configuration tab Select Arellia > Infrastructure > Resource Discovery > Server Discoverers sd1.PNG Select from the following Server Discoverer choices: Common Configuration Enumera
Page: Standard Application Control Policies
Save time by using the Application Control Policy Wizard http://portal.arellia.com/wiki/x/t4AgAQ Creating an Application Control Policy Create a new application control policy by right-clicking Policies and selecting New > Blank Application Control Policy
Page: Standard Use Cases
See Configuring for a Test Environment for tips on improving time lags for testing scenarios
Page: Standard Windows 7 users install ActiveX
Issue In Windows Vista/7 standard users are unable to install ActiveX plug-ins. For Windows XP Users, Arellia offers the following solution http://portal.arellia.com/wiki/display/KB/Controlling ActiveX objects http://portal.arellia.com/wiki/display/KB/Con

T

Page: Task Management Folder
To access this folder: Once you are in Arellia select the Tasks tab tasks.PNG Arellia tasks Arellia tasks can be used to perform several tasks on the client and server systems. The following folders and items are used to manage applications: Client Tasks
Page: Tracking policies
To track all policies enforced by Application Control Solution, run the Application Actions by Computers report. Once you are in Arellia select the Reports tab Select Arellia > Application Control > Application Control Policy Enforcement Select Applicatio
Page: TreeNavigation

U

Page: Using Arellia to enable ActiveX installs
ActiveX with Arellia For Windows Vista, Windows 7, Windows 8.x and Windows 10 machines, Arellia utilizes the ActiveX Installer Service. For Windows XP, Arellia uses it's own mechanisms to elevate ActiveX installations. Both types of machines can be manage

V

W

Page: Whitelisting reference systems
In this scenario you will create a reference system whitelist policy that targets a collection of computers, searches for Windows executables, then adds any Windows executables not currently in a security catalog to a whitelist. You will also add applicat
Page: Whitelisting software packages
This scenario takes you through the process of creating an application control policy to inventory Software Delivery Packages and add them to a whitelist, marking them as safe to be used in your environment. Once the policy has been created, inventorying

X

Y

Z

!@#$