Application filters summary

Application filters

An application filter defines the applications (groups of files) that can be restricted by an Application Control Policy. There are three types of filters - Dynamic, File and Inventory. They, along with their subtypes are listed below:

Dynamic Filters - These filters are evaluated by the Altiris Agent and are used to apply security policies to applications not yet discovered but commonly used or downloaded.
- Application Context Filters - These filters are evaluated by the Altiris Agent and are used to apply security policies to applications in a user context.
- Command Line Filters - A commandline filter examines the commandline (excluding the primary executable) and applies a pattern match (Exact, Partial or Regular Expression).
- Environment Variables Filters - New to ACS 7.1 SP3 these filters are used for compatibility testing and user requested elevation.
- Network Location Filters - These filters are used to identify what network a computer is attached to.
- Secondary File Filters - A Secondary File filter addresses the situation where the intended action is not the primary executable (such as RunDll.exe), but rather a file specified within the commandline. It examines the commandline of an application to see whether there appears to be a secondary file. If so the secondary file filter applies the specified filters to the secondary file.
- Signed Application Filters - These filters are used to filter applications based on their digital certificate.
- Time of Day Filter - These filters allow an application filter to be applied based on the specific time an application is launched. The time details can be set individually for each day of week, or applied to the same period on all days.
- User Context Filters - These filters are evaluated by the Altiris Agent and are used to apply security policies to applications in a user context.

File Filters - These filters are used to filter applications based on their location and attributes.
- Application Compatibility Filters - New to ACS 7.1 SP3 these filters are used to detect administrative privileges that may be required.
- Drive Type Filters - These are filters that are used to specify a drive type.
- Executable Filters - These filters specify executables that are commonly used, such as - Instant Messaging applications, web browsers, mail clients, etc.
- Executable Headers Filters - Filter based on an executable header attributes.
- File Owner Filters - Filter based on the owner of the file.
- File Specification Filters - These filters use the location of the executable for filtering.
- File Type Filters - These filters use the extension or MIME type to filter.
- Manifest Present Filter - These filters test whether an executable has a security manifest.
- Security Catalogs Filter - These filters use the security catalogs to filter.
Inventory Filters - These collection-based filters are evaluated by the Notification Server and depend on file inventory data. They are used to apply application control policies for already discovered applications.
- File Parameter Collections - These filters use the inventory to create file scan results, package contents, and security catalog content to create filters.
- Security Rated Filters -These filters use inventory and the ratings that have been manually assigned to create filters.
- All Exectuables Discovered in Filters - These filters contain inventory data of executables found in the selected time frame.

Note
We recommend using the Application Control Wizard to create policies and to associate actions, filters, and target computers. See Creating an Application Control Policy.

To access the Application Filters:

Once you are in Arellia > Application Control select the Policies tab
Select Application Control > Filters

The following table lists all the filters available and a description of each.

Dynamic filters

Application Context Filters	Description
Interactive Users	You can apply policies to applications with interactive users. Select the appropriate check box and enter policy details in the fields provided.
LocalSystem and Service applications	You can apply policies to LocalSystem and Service applications. Select the appropriate check box and enter policy details in the fields provided.
Service Applications	You can apply policies to Service applications. Select the appropriate check box and enter policy details in the fields provided.
Commandline Filters	Description
	You can create application filters that are based on the commandline of the running application. Enter a filter name and description. Enter the Match Option you want to search for. Enter the Command line text you are searching for.
Environment Variables Filters	Description
Manual Application Compatibility Setting	You can use this predefined filter for application compatibility.
User Requested Run As Administrator	You can use this predefined filter for the right click self-elevate option.
Network Location Filters	Description
	You can create application filters that are based on which network the computer is attached to. Enter a filter name and description. Select an Item that you want to filter on.
Secondary File	Description
	You can create application filters that are based on the applications file target which is taken from the commandline. Enter a filter name and description. Select an Item that you want to filter on.
Signed Applications	Description
Microsoft Signed Applications	You can create a filter by associating a digital certificate. Enter a filter name and description. Include Digital Certificates - All files signed by a selected digital certificate will be included in this filter. For information on editing collections, see Notification Server Help.
Time of Day	Description
Business Hours (8:30AM to 5:30PM) Business Hours (8AM to 6PM) Business Hours (9AM to 5PM) Weekends	You can create a filter using certain hours. Enter a filter name and description. Select that time period(s) that you want to filter on.
User Context	Description
	You can create filters based on the group membership of the user.

File filters

Application Compatability	Description
	You can use or create these filters to filter by whether or not administrative privileges are required.
Drive Type	Description
	You can use or create these filters for what type of media or where an application is launched from.
Executable Filters	Description
Instant Messaging Applications - AOL Instant Messenger Google Talk MSN Messenger Skype Trillian Windows Messenger Yahoo! Messenger	You can apply security policies to any of the listed Instant Messaging applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can: Enter a filter name and description. Enter a File name and File path in the fields provided. (Optional) Click Include subdirectories to filter them also. Enter Win32 Executable File Information: Internal Name Original file name File version Product name Product version Company name
Internet Browsers - Firefox Internet Explorer	You can apply a security policy to the listed Internet applications. You can configure it the same as Instant Messaging Applications, above.
Mail Clients - Eudora Outlook Express	You can apply a security policy to the listed mail applications. You can configure it the same as Instant Messaging Applications, above.
Media Players - iTunes Microsoft Windows Media Player QuickTime RealPlayer Winamp	You can apply security policies to the listed Media Player applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can configure them the same as Instant Messaging Applications, above.
MS Office Suite - MS Access MS Excel MS FrontPage MS Outlook MS Word Microsoft Installer Filer Filter Win32 Executables Discovered in the Last Week	You can apply security policies to the listed Microsoft Office Suite applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can configure them the same as Instant Messaging Applications, above.
Executable Headers	Description
	You can use these to filter an executable filter by type based on it's header.
File Owner	Description
	You can use these filters to specify if an application should or should not be launched based on who the owner is.
File Specifications	Description
	You can use these filters to use the Default File Specification.
File Types	Description
	You can use these filters to specify the extension of a file or MIME type to filter.
Manifest	Description
	You can use these filters to filter programs that manifest administrative rights are needed.
Security Catalogs	Description
	You can use these filters to filter programs based on if they are found in the Security catalog.

Inventory filters

Filter	Description
File Parameter Collections	Collections listing all executables found with a specific paramter discovered by File Inventory on your managed computers. This collection can't be edited.
Security Rating	This folder contains: All Blacklist Applications All Orangelist Applications All Unclassified Applications All Whitelist Applications
All Executable Files Discovered in Last 2 Weeks	Collection listing all executables files discovered by File Inventory on your managed computers in the last two weeks. This collection can't be edited.
All Executable Files Discovered in Last Day	Collection listing all executables files discovered by File Inventory on your managed computers in the last day. This collection can't be edited.
All Executable Files Discovered in Last Month	Collection listing all executables files discovered by File Inventory on your managed computers in the previous month. This collection can't be edited.
All Executable Files Discovered in Last Week	Collection listing all executables files discovered by File Inventory on your managed computers in the last week. This collection can't be edited.

My filters

Use this folder to easily organize the filters you create.