Whitelisting reference systems in Arellia Management Server (AMS)

In this scenario you will create a reference system whitelist policy that targets a collection of computers, searches for Windows executables, then adds any Windows executables not currently in a security catalog to a whitelist. You will also add applications already included in a security catalog to the whitelist.

Resource target

First you will need to create a resource target that contains the desired reference system(s).

  1. Open the Resources tab, expand the Resource Filters section
  2. Right click on Collections > Arellia > Application Control > Reference Systems and create a new Resource Target
  3. Supply a name and optional description and click OK
  4. Once the target configuration page is presented click on the Add rule button
  5. Create a rule that starts with all computers and then excludes computers not in a Computer List; in that list, select the computer resources that represent your reference system(s)
  6. Click Save

File scan policy

Now that you have your targeting established you can create the file scan policy that will populate the list of whitelisted files.

  1. Open the Policies tab 
  2. Right click on the Arellia Solutions > File Inventory > Policies folder and create a new General Scheduled Client Task
    1. Give the task a name and optional description
    2. Set the client command to File Scan Command
    3. Set the resource target to the target created in the section above 
    4. Click OK
  3. Configure the policy settings as follows:
    1. File Specifications: Executables in Windows Directories
    2. Reporting Specifications: Executions in Windows Directories not present in Security Catalogs
  4. Configure the schedule interval for how often the file scan will execute
    Note that during the initial testing phase the file scan can be started manually using Windows Task Scheduler on the reference system

  5. Click Save

File parameter collection

Once the file scan has run on the reference system(s) you will have a list of all executables in the Windows directories that are not contained in a security catalog. Everything in that list will be trusted by the whitelist, so the reference system should be in a known-good state before the scan runs.
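The scan described above runs inside AMS, so its results only appear in the console after the scheduled task has fired. The following script is an added illustration (not AMS code or an AMS API) of the same idea: it hashes executables under the Windows directories, drops any whose hash is already in a known-good catalog, and writes the remainder, with their signature status, to a CSV so they can be reviewed before they become whitelist entries. It assumes catalogs can be represented as a list of SHA-256 hashes; the scan roots, extensions, the sample catalog entry and the output file name are all choices made for this example.

```powershell
# Added example, not part of AMS: preview which executables a reference-system
# file scan would surface. Hash executables under the Windows directories and
# exclude any whose SHA-256 appears in a known-good catalog.
# ASSUMPTION: catalog entries are SHA-256 hashes, one per line. The default
# roots, extensions and output name are chosen for this example only.

param(
    [string[]]$ScanRoots  = @($env:SystemRoot),
    [string[]]$Extensions = @('.exe', '.dll', '.sys'),
    [string]$CatalogPath  = $null,
    [string]$OutputCsv    = 'candidate-whitelist.csv'
)

# Load known-good hashes. With no catalog file, a constructed placeholder hash is
# used so the script still runs stand-alone (real hashes come from AMS or vendor data).
$catalog = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
if ($CatalogPath -and (Test-Path $CatalogPath)) {
    Get-Content -Path $CatalogPath |
        Where-Object { $_ -match '^[0-9a-fA-F]{64}$' } |
        ForEach-Object { [void]$catalog.Add($_) }
} else {
    [void]$catalog.Add('0000000000000000000000000000000000000000000000000000000000000000')  # constructed
}

# Walk the scan roots, hash each executable and record whether it is catalogued.
$results = foreach ($root in $ScanRoots) {
    Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            if (-not $hash) { return }   # locked or unreadable file: skip rather than trust it blindly
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SHA256    = $hash
                Signed    = ($sig.Status -eq 'Valid')
                Publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                InCatalog = $catalog.Contains($hash)
            }
        }
}

# Only files absent from the catalog are whitelist candidates; they are written
# out for review so unsigned or unexpected binaries can be checked first.
$candidates = @($results | Where-Object { -not $_.InCatalog })
$candidates | Export-Csv -Path $OutputCsv -NoTypeInformation

"Scanned {0} executables; {1} already catalogued; {2} candidates written to {3}; {4} candidates unsigned" -f `
    @($results).Count, (@($results).Count - $candidates.Count), $candidates.Count, $OutputCsv,
    @($candidates | Where-Object { -not $_.Signed }).Count
```

Run it on the reference system itself (it needs read access to the Windows directories) and review the CSV before the real AMS scan is scheduled; a large number of unsigned candidates is a sign the reference system is not in the clean state a whitelist should be built from.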

You can create a file parameter collection that contains this list of files, which can then be used in a whitelist policy.

  1. Open the Policies tab 
  2. Right click on the Arellia Solutions > Application Control > Filters > File Parameter Collections folder and create a new File Scan Results Filter
    1. Give the filter a name and optional description
    2. Click OK
  3. Configure the parameters to reflect the File Scan policy settings
    1. Set the File Scan Policy to the policy created in the above steps
    2. Set the Reporting Filter to the same one that was configured in the above steps
    3. Set the Results to be Included
    4. Click Save


Whitelist policy

Once all of the above steps have been completed you can combine them into a Reference System Whitelist Policy.

  1. Open the Policies tab 
  2. Right click on the Arellia Solutions > Application Control > Policies > Whitelisting folder and create a new Blank Application Control Policy
  3. Give the policy a name and optional description
  4. Set the Applications to the file parameter collection created above
  5. Under Policy Enforcement
    1. Set the Policy priority to a number that is lower than your orange list / deny policy priorities, so the whitelist is evaluated before those policies
    2. Ensure that Continue enforcing policies after enforcing this policy is unchecked, so that an application matched by the whitelist is not subsequently evaluated by the deny policies
  6. Click Save


You now have a working reference system whitelist policy configured.