Index

This chapter covers the most common tasks when working with Application Control Solution (ACS). Creating Application Actions http://portal.arellia.com/wiki/display/ACSDOC/Creating+Application+Actions Creating an Application Filter http://portal.arellia.co

ACS User Interface When Application Control Solution is installed, folders and items are placed in various tabviews of the Altiris Console. You can use these folders and items to control applications throughout your organization. The Software Management f

Application Actions The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environme

Application Control Agent Configuration This policy lets you configure general parameters than control the behavior of the Application Control Agent. To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Co

Application Control Agent For Windows See Application Control Agent Configuration http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Agent+Configuration Application Control Agent Rollout, Uninstall or Upgrade http://portal.arellia.com/wiki/

Application Control Agent Package page This page lets you create a package used by Application Control Agent installation policies as needed when performing an agent rollout or uninstallation. Generally, we recommend not changing any settings to this pack

Application Control Agent Rollout, Uninstall or Upgrade page This is a generic policy that can be used for several things, including agent rollout and uninstallation, and solution agent rollout, upgrade, and uninstallation. ACA.png Item Description Enable

Application Control Agent Uninstall page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Application Control > Configuration > Application Control Agent for Windows >

Application Control The following folders and items are used to manage applications: Application Actions http://portal.arellia.com/wiki/display/ACSDOC/Application+Actions Application Control Policies http://portal.arellia.com/wiki/display/ACSDOC/Applicati

Application Control Policies Application Control policies determine whether or not application actions are run before an end user can run an application. Adobe download manager deny policy - Allow Microsoft Installer Policy - Enable any Windows Installer

To locate these reports: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > Application Control The installed reports are: Report Category Report Name Agent Information Agent Insta

An application filter defines the applications (groups of files) that can be restricted by an Application Control Policy. There are two types of filters, Dynamic and Inventory. They, along with their subtypes are listed below: To access the Application F

Application Initiation Policy NOTE: With the version 7.1 release standard Application Control and Application Initiation policies have been combined. Now whether you need application elevation or UAC suppression, simply pick the Blank Application Contro

Arellia Infrastructure Page See Gauges http://portal.arellia.com/wiki/display/ACSDOC/Gauges Report Queries http://portal.arellia.com/wiki/display/ACSDOC/Report+Queries Resource Discovery http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery

This section describes the process involved in automatic document encryption. For this scenario you will create a policy to enforce document encryption for all Microsoft Excel Spreadsheets. Scenario description In this scenario, the end user has: Two user

File Inventory Scan Catalog Files - Scans the security catalog folder so as to be able to discover details of Security Catalogs. Scan Executables in Windows Directories - Scans all executables in Windows directories and reports their presence (or not) in

Configuration Folder See Application Control Agent for Windows http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Agent+For+Windows Arellia Infrastructure http://portal.arellia.com/wiki/display/ACSDOC/Arellia+Infrastructure File Inventory

Application Control policies determine whether certain actions run before an end user can run an application. For example, a policy might deny an application the ability to execute or quarantine the application when a user attempts to run the application.

To access the Application Filters: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Policies > Application Control > Application Filters AC2.png To create an application filter: Choose the

To locate these actions: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Policies > Application Control > Application Actions AC.png Choose the action you want to create. To create an acti

Default File Inventory Policy page The Default File Inventory Policy discovers information about software programs running on managed computers. By default, this runs daily. To manually run the File Inventory Policy on a managed computer at any time, per

Elevate the built-in Windows Backup utility on Windows Vista and Windows 7 operating systems by doing the following steps: Create a new File Specification Filter: On the Policies tab, navigate to Policies > Arellia > Application Control Tasks > Applicatio

See Default Inventory Package New Client Job

File Inventory Agent For Windows Page FIA.png See Default File Inventory Policy http://portal.arellia.com/wiki/display/ACSDOC/Default+File+Inventory+Policy File Inventory Agent Install http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory+Agent+Ins

File Inventory Agent Install page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Install This page i

File Inventory Agent Package page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Package This page l

File Inventory Agent Uninstall page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Uninstall This pa

File Inventory Agent Upgrade page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > Settings > File Inventory Agent Upgrade

File Inventory Filters A file inventory filter defines the applications (groups of files) that can be restricted by a file control policy, and the applications (groups of files) that can be restricted by an Application Control Policy. To access file inven

The following folders and items are used to manage applications: File Scanning Policies http://portal.arellia.com/wiki/display/ACSDOC/File+Scanning+Policies+Folder Filters http://portal.arellia.com/wiki/display/ACSDOC/Filters+Page To access these folders:

To locate these reports: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > File Inventory The installed reports are: Report Category Report Name Agent Information File Inventory Ag

File Scanning Policies File scanning policies scan managed computers for application file types (Example: ITunes files within Windows directories) and reports back to the Notification Server. To create a file scanning policy: In the Symantec Management Co

File scanning policies scan managed computers for application file types (Example: iTunes files within Windows directories) and reports back to the Notification Server. For more information on how to create a file scanning policy, see File Scanning Polici

A file inventory filter defines the applications (groups of files) that can be restricted by a file control policy, and the applications (groups of files) that can be restricted by an Application Control Policy. For more information on file inventory filt

Gauges page Select from the following Gauge choices: Gauge Categories Gauge Queries Gauge States Gauge Types Gauges

The Getting Started tasks guide you through the basic setup, configuration, and use of Application Control Solution. You can use the Home page in the Symantec Management Console to access most tasks. The Symantec Management Console is the primary interfac

Application Control Solution 7.0 product documentation This is the product documentation for the current release of ACS. To find your way around, please use the left panel to browse the document tree or search. Or start at the beginning. If you are lookin

{index}{index}

This chapter details the installation requirements and procedures. Prerequisites The following software must be installed before installing Application Control Solution on Notification Server: Altiris® Notification Server™ 7.0 SP3 (or later). For informat

The Application Control Agent is software that you can install on your managed computers. The agent lets Application Control Solution run policies, manage applications, and run defined actions. You can install the agent from the policies in the Applicatio

Application-level security attack, such as file system corruption, registry corruption, spyware, and keylogging, pose a serious threat to mission critical business operations. Arellia Application Control Solution™ software helps you manage this risk by al

A feature of this solution is that most tasks, policies, and filtering can be done through the Manage Applications page. The applications viewed in the Manage Applications grid are from the Summary of Win32 Executables report. To manage the applications:

The Application Control Solution lifecycle is represented by the following graphic: life cycle.jpg File discovery After installing Application Control Solution, you must install the File Inventory Agent on managed computers. Installing the File Inventory

Policies Folder You can work with two main types of policies: Application Control http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Folder File Inventory http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory+Folder To access these f

This scenario shows you how to prevent the end user from running cmd.exe. Scenario description In this scenario: The end user has run C:\windows\system32\cmd.exe at least once since the Application Control Agent was installed. File Inventory Agent has ret

Scenario description In this scenario, the end user has the following installed: Microsoft Word Microsoft Excel Scenario resolution On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc. In the Symant

This scenario shows you how to quarantine a known malicious application. Scenario description Copy and rename cmd.exe: "C:\Virus\malicious application.exe". Scenario resolution On the managed computer, create the Microsoft Word document C:\document\import

Report Queries Page Choose from three types of Queries: Application Control File Inventory Local Security

This section details the folders and items that Application Control Solution installs on the Reports tab. You can use or edit default reports, or create your own to help you analyze application control information. Reports are created for Application Con

Resource Discovery Page See Resource Discovery Agents http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery+Agents Resource Discovery Update http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery+Update Server Discoverers http://port

Resource Discovery Agents page This policy controls how often the File Inventory Agent inventories managed computers and reports back to the Notification Server. To access the Resource Discovery Agents: In the Symantec Management Console, on the Home menu

Resource Discovery Update The Resource Discovery Update page lets you configure the schedule for calculating what Notification Server Resources need additional client or server side discovery. The task enumerates all server and client side Resource Discov

Resource Purging The resource Purging policy lets you perform a periodic database cleanup and remove any file and digital certificate resources that are no longer associated with any computers. By default, the schedule runs daily. To access and enable thi

Packages.png

This scenario describes the process involved in restricting an application's process rights. This sample scenario guides you through the necessary steps, using the default Limit Internet Explorer and Outlook process rights policy. Scenario description In

After the Application Control Agent has been installed, the solution performs an application inventory. This inventory is gathered by the Default File Inventory Policy and the Default File Discovery Policy. You might want to view a summary of all of the W

This scenario shows you how to capture application data in a Software Virtualization Solution layer. Scenario description In this scenario, the end user has the following installed: Microsoft Word Scenario resolution On the managed computer, create the Mi

This section describes some useful tasks you can create with Application Control Solution. Task prerequisites Ensure the following Application Control policies are enabled: Application Control Agent Configuration Policy - Set Send Application Action Event

Security Rating Application Control Solution lets you rate all discovered applications. You can add them to Blacklist, Whitelist, Unclassified or Graylist collections, which can be used for filtering when creating policies. To manage the applications: In

Server Discoverers page To access the Server Discoverers page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > Arellia Infrastructure > Resource Discovery > Server Discover

See Send Disclosed Email to Primary User Job Send Email Reminder for Checked Out User Password

Obtain Primary User Obtain User Email Address Sample Computer NS Agent Details Changed Email Sample DCOM Resource Discovery Email Sample Security Descriptor Resource Discovery Email Use Account Password Checked Out Reminder Email User Password Disclosed E

The following folders and items are used to manage applications: Client Tasks http://portal.arellia.com/wiki/display/ACSDOC/Client+Tasks File Inventory http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory Server Jobs http://portal.arellia.com/wiki

To track all policies enforced by Application Control Solution, run the Application Actions by Computers report. AA2.png In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > Applicati

In this scenario you will create a reference system whitelist policy that targets a collection of computers, searches for Windows executables, then adds any Windows executables not currently in a security catalog to a whitelist. You will also add applicat

This scenario takes you through the process of creating an application control policy to inventory Microsoft and Adobe applications and add them to a whitelist, marking them as safe to be used in your environment. Once the policy has been created, it will