Index
Space Index
|
|||||||||||||||||||||||||||||||
0-9 |
AACS Features & FunctionsThis chapter covers the most common tasks when working with Application Control Solution (ACS). Creating Application Actions http://portal.arellia.com/wiki/display/ACSDOC/Creating+Application+Actions Creating an Application Filter http://portal.arellia.co
ACS User Interface
ACS User Interface When Application Control Solution is installed, folders and items are placed in various tabviews of the Altiris Console. You can use these folders and items to control applications throughout your organization. The Software Management f
Application Actions
Application Actions The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environme
Application Control Agent Configuration
Application Control Agent Configuration This policy lets you configure general parameters than control the behavior of the Application Control Agent. To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Co
Application Control Agent For Windows
Application Control Agent For Windows See Application Control Agent Configuration http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Agent+Configuration Application Control Agent Rollout, Uninstall or Upgrade http://portal.arellia.com/wiki/
Application Control Agent Package Page
Application Control Agent Package page This page lets you create a package used by Application Control Agent installation policies as needed when performing an agent rollout or uninstallation. Generally, we recommend not changing any settings to this pack
Application Control Agent Rollout, Uninstall or Upgrade
Application Control Agent Rollout, Uninstall or Upgrade page This is a generic policy that can be used for several things, including agent rollout and uninstallation, and solution agent rollout, upgrade, and uninstallation. ACA.png Item Description Enable
Application Control Agent Uninstall
Application Control Agent Uninstall page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Application Control > Configuration > Application Control Agent for Windows >
Application Control Folder
Application Control The following folders and items are used to manage applications: Application Actions http://portal.arellia.com/wiki/display/ACSDOC/Application+Actions Application Control Policies http://portal.arellia.com/wiki/display/ACSDOC/Applicati
Application Control Policies
Application Control Policies Application Control policies determine whether or not application actions are run before an end user can run an application. Adobe download manager deny policy - Allow Microsoft Installer Policy - Enable any Windows Installer
Application Control Solution reports
To locate these reports: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > Application Control The installed reports are: Report Category Report Name Agent Information Agent Insta
Application filters
An application filter defines the applications (groups of files) that can be restricted by an Application Control Policy. There are two types of filters, Dynamic and Inventory. They, along with their subtypes are listed below: To access the Application F
Application Initiation Policy
Application Initiation Policy NOTE: With the version 7.1 release standard Application Control and Application Initiation policies have been combined. Now whether you need application elevation or UAC suppression, simply pick the Blank Application Contro
Arellia Infrastructure
Arellia Infrastructure Page See Gauges http://portal.arellia.com/wiki/display/ACSDOC/Gauges Report Queries http://portal.arellia.com/wiki/display/ACSDOC/Report+Queries Resource Discovery http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery
Automate document encryption
This section describes the process involved in automatic document encryption. For this scenario you will create a policy to enforce document encryption for all Microsoft Excel Spreadsheets. Scenario description In this scenario, the end user has: Two user
|
||||||||||||||||||||||||||||||
B |
CClient tasksFile Inventory Scan Catalog Files - Scans the security catalog folder so as to be able to discover details of Security Catalogs. Scan Executables in Windows Directories - Scans all executables in Windows directories and reports their presence (or not) in
Configuration Folder
Configuration Folder See Application Control Agent for Windows http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Agent+For+Windows Arellia Infrastructure http://portal.arellia.com/wiki/display/ACSDOC/Arellia+Infrastructure File Inventory
Creating an Application Control policy
Application Control policies determine whether certain actions run before an end user can run an application. For example, a policy might deny an application the ability to execute or quarantine the application when a user attempts to run the application.
Creating an application filter
To access the Application Filters: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Policies > Application Control > Application Filters AC2.png To create an application filter: Choose the
Creating Application Actions
To locate these actions: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Policies > Application Control > Application Actions AC.png Choose the action you want to create. To create an acti
|
||||||||||||||||||||||||||||||
DDefault File Inventory PolicyDefault File Inventory Policy page The Default File Inventory Policy discovers information about software programs running on managed computers. By default, this runs daily. To manually run the File Inventory Policy on a managed computer at any time, per
|
EElevate Windows backup on Windows Vista and Windows 7Elevate the built-in Windows Backup utility on Windows Vista and Windows 7 operating systems by doing the following steps: Create a new File Specification Filter: On the Policies tab, navigate to Policies > Arellia > Application Control Tasks > Applicatio
|
||||||||||||||||||||||||||||||
FFile inventorySee Default Inventory Package New Client Job
File Inventory Agent For Windows
File Inventory Agent For Windows Page FIA.png See Default File Inventory Policy http://portal.arellia.com/wiki/display/ACSDOC/Default+File+Inventory+Policy File Inventory Agent Install http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory+Agent+Ins
File Inventory Agent Install
File Inventory Agent Install page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Install This page i
File Inventory Agent Package
File Inventory Agent Package page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Package This page l
File Inventory Agent Uninstall
File Inventory Agent Uninstall page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Uninstall This pa
File Inventory Agent Upgrade
File Inventory Agent Upgrade page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > Settings > File Inventory Agent Upgrade
File Inventory Filters
File Inventory Filters A file inventory filter defines the applications (groups of files) that can be restricted by a file control policy, and the applications (groups of files) that can be restricted by an Application Control Policy. To access file inven
File inventory folder
The following folders and items are used to manage applications: File Scanning Policies http://portal.arellia.com/wiki/display/ACSDOC/File+Scanning+Policies+Folder Filters http://portal.arellia.com/wiki/display/ACSDOC/Filters+Page To access these folders:
File inventory reports
To locate these reports: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > File Inventory The installed reports are: Report Category Report Name Agent Information File Inventory Ag
File Scanning Policies
File Scanning Policies File scanning policies scan managed computers for application file types (Example: ITunes files within Windows directories) and reports back to the Notification Server. To create a file scanning policy: In the Symantec Management Co
File scanning policies folder
File scanning policies scan managed computers for application file types (Example: iTunes files within Windows directories) and reports back to the Notification Server. For more information on how to create a file scanning policy, see File Scanning Polici
Filters page
A file inventory filter defines the applications (groups of files) that can be restricted by a file control policy, and the applications (groups of files) that can be restricted by an Application Control Policy. For more information on file inventory filt
|
GGaugesGauges page Select from the following Gauge choices: Gauge Categories Gauge Queries Gauge States Gauge Types Gauges
Getting started
The Getting Started tasks guide you through the basic setup, configuration, and use of Application Control Solution. You can use the Home page in the Symantec Management Console to access most tasks. The Symantec Management Console is the primary interfac
|
||||||||||||||||||||||||||||||
HHomeApplication Control Solution 7.0 product documentation This is the product documentation for the current release of ACS. To find your way around, please use the left panel to browse the document tree or search. Or start at the beginning. If you are lookin
|
IIndex{index}{index}
Installation
This chapter details the installation requirements and procedures. Prerequisites The following software must be installed before installing Application Control Solution on Notification Server: Altiris® Notification Server™ 7.0 SP3 (or later). For informat
Installing the Application Control agent
The Application Control Agent is software that you can install on your managed computers. The agent lets Application Control Solution run policies, manage applications, and run defined actions. You can install the agent from the policies in the Applicatio
Introduction
Application-level security attack, such as file system corruption, registry corruption, spyware, and keylogging, pose a serious threat to mission critical business operations. Arellia Application Control Solution™ software helps you manage this risk by al
|
||||||||||||||||||||||||||||||
J |
K |
||||||||||||||||||||||||||||||
L |
MManage applicationsA feature of this solution is that most tasks, policies, and filtering can be done through the Manage Applications page. The applications viewed in the Manage Applications grid are from the Summary of Win32 Executables report. To manage the applications:
|
||||||||||||||||||||||||||||||
N |
OOverviewThe Application Control Solution lifecycle is represented by the following graphic: life cycle.jpg File discovery After installing Application Control Solution, you must install the File Inventory Agent on managed computers. Installing the File Inventory
|
||||||||||||||||||||||||||||||
PPolicies FolderPolicies Folder You can work with two main types of policies: Application Control http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Folder File Inventory http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory+Folder To access these f
Prevent malicious applications from running
This scenario shows you how to prevent the end user from running cmd.exe. Scenario description In this scenario: The end user has run C:\windows\system32\cmd.exe at least once since the Application Control Agent was installed. File Inventory Agent has ret
Prevent read and write to file types or network locations
Scenario description In this scenario, the end user has the following installed: Microsoft Word Microsoft Excel Scenario resolution On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc. In the Symant
|
QQuarantine FilesThis scenario shows you how to quarantine a known malicious application. Scenario description Copy and rename cmd.exe: "C:\Virus\malicious application.exe". Scenario resolution On the managed computer, create the Microsoft Word document C:\document\import
|
||||||||||||||||||||||||||||||
RReport QueriesReport Queries Page Choose from three types of Queries: Application Control File Inventory Local Security
Reports folder
This section details the folders and items that Application Control Solution installs on the Reports tab. You can use or edit default reports, or create your own to help you analyze application control information. Reports are created for Application Con
Resource Discovery
Resource Discovery Page See Resource Discovery Agents http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery+Agents Resource Discovery Update http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery+Update Server Discoverers http://port
Resource Discovery Agents
Resource Discovery Agents page This policy controls how often the File Inventory Agent inventories managed computers and reports back to the Notification Server. To access the Resource Discovery Agents: In the Symantec Management Console, on the Home menu
Resource Discovery Update
Resource Discovery Update The Resource Discovery Update page lets you configure the schedule for calculating what Notification Server Resources need additional client or server side discovery. The task enumerates all server and client side Resource Discov
Resource Purging
Resource Purging The resource Purging policy lets you perform a periodic database cleanup and remove any file and digital certificate resources that are no longer associated with any computers. By default, the schedule runs daily. To access and enable thi
Resources folder
Packages.png
Restrict an application's process rights
This scenario describes the process involved in restricting an application's process rights. This sample scenario guides you through the necessary steps, using the default Limit Internet Explorer and Outlook process rights policy. Scenario description In
Reviewing application inventory
After the Application Control Agent has been installed, the solution performs an application inventory. This inventory is gathered by the Default File Inventory Policy and the Default File Discovery Policy. You might want to view a summary of all of the W
Run an application in an SVS layer
This scenario shows you how to capture application data in a Software Virtualization Solution layer. Scenario description In this scenario, the end user has the following installed: Microsoft Word Scenario resolution On the managed computer, create the Mi
|
SSample scenariosThis section describes some useful tasks you can create with Application Control Solution. Task prerequisites Ensure the following Application Control policies are enabled: Application Control Agent Configuration Policy - Set Send Application Action Event
Security Rating
Security Rating Application Control Solution lets you rate all discovered applications. You can add them to Blacklist, Whitelist, Unclassified or Graylist collections, which can be used for filtering when creating policies. To manage the applications: In
Server Discoverers
Server Discoverers page To access the Server Discoverers page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > Arellia Infrastructure > Resource Discovery > Server Discover
Server jobs
See Send Disclosed Email to Primary User Job Send Email Reminder for Checked Out User Password
Server Tasks
Obtain Primary User Obtain User Email Address Sample Computer NS Agent Details Changed Email Sample DCOM Resource Discovery Email Sample Security Descriptor Resource Discovery Email Use Account Password Checked Out Reminder Email User Password Disclosed E
|
||||||||||||||||||||||||||||||
TTask management folderThe following folders and items are used to manage applications: Client Tasks http://portal.arellia.com/wiki/display/ACSDOC/Client+Tasks File Inventory http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory Server Jobs http://portal.arellia.com/wiki
Tracking policies
To track all policies enforced by Application Control Solution, run the Application Actions by Computers report. AA2.png In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > Applicati
TreeNavigation
|
U |
||||||||||||||||||||||||||||||
V |
WWhitelisting reference systemsIn this scenario you will create a reference system whitelist policy that targets a collection of computers, searches for Windows executables, then adds any Windows executables not currently in a security catalog to a whitelist. You will also add applicat
Whitelisting software packages
This scenario takes you through the process of creating an application control policy to inventory Microsoft and Adobe applications and add them to a whitelist, marking them as safe to be used in your environment. Once the policy has been created, it will
|
||||||||||||||||||||||||||||||
X |
Y |
||||||||||||||||||||||||||||||
Z |
!@#$ |