Index

Space Index

0-9 ... 0 A ... 15 B ... 0 C ... 5 D ... 1 E ... 1
F ... 12 G ... 2 H ... 1 I ... 4 J ... 0 K ... 0
L ... 0 M ... 1 N ... 0 O ... 1 P ... 3 Q ... 1
R ... 10 S ... 5 T ... 3 U ... 0 V ... 0 W ... 2
X ... 0 Y ... 0 Z ... 0 !@#$ ... 0    

0-9

A

Page: ACS Features & Functions
This chapter covers the most common tasks when working with Application Control Solution (ACS). Creating Application Actions http://portal.arellia.com/wiki/display/ACSDOC/Creating+Application+Actions Creating an Application Filter http://portal.arellia.co
Page: ACS User Interface
ACS User Interface When Application Control Solution is installed, folders and items are placed in various tabviews of the Altiris Console. You can use these folders and items to control applications throughout your organization. The Software Management f
Page: Application Actions
Application Actions The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environme
Page: Application Control Agent Configuration
Application Control Agent Configuration This policy lets you configure general parameters than control the behavior of the Application Control Agent. To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Co
Page: Application Control Agent For Windows
Application Control Agent For Windows See Application Control Agent Configuration http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Agent+Configuration Application Control Agent Rollout, Uninstall or Upgrade http://portal.arellia.com/wiki/
Page: Application Control Agent Package Page
Application Control Agent Package page This page lets you create a package used by Application Control Agent installation policies as needed when performing an agent rollout or uninstallation. Generally, we recommend not changing any settings to this pack
Page: Application Control Agent Rollout, Uninstall or Upgrade
Application Control Agent Rollout, Uninstall or Upgrade page This is a generic policy that can be used for several things, including agent rollout and uninstallation, and solution agent rollout, upgrade, and uninstallation. ACA.png Item Description Enable
Page: Application Control Agent Uninstall
Application Control Agent Uninstall page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Application Control > Configuration > Application Control Agent for Windows >
Page: Application Control Folder
Application Control The following folders and items are used to manage applications: Application Actions http://portal.arellia.com/wiki/display/ACSDOC/Application+Actions Application Control Policies http://portal.arellia.com/wiki/display/ACSDOC/Applicati
Page: Application Control Policies
Application Control Policies Application Control policies determine whether or not application actions are run before an end user can run an application. Adobe download manager deny policy - Allow Microsoft Installer Policy - Enable any Windows Installer
Page: Application Control Solution reports
To locate these reports: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > Application Control The installed reports are: Report Category Report Name Agent Information Agent Insta
Page: Application filters
An application filter defines the applications (groups of files) that can be restricted by an Application Control Policy. There are two types of filters, Dynamic and Inventory. They, along with their subtypes are listed below: To access the Application F
Page: Application Initiation Policy
Application Initiation Policy NOTE: With the version 7.1 release standard Application Control and Application Initiation policies have been combined. Now whether you need application elevation or UAC suppression, simply pick the Blank Application Contro
Page: Arellia Infrastructure
Arellia Infrastructure Page See Gauges http://portal.arellia.com/wiki/display/ACSDOC/Gauges Report Queries http://portal.arellia.com/wiki/display/ACSDOC/Report+Queries Resource Discovery http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery
Page: Automate document encryption
This section describes the process involved in automatic document encryption. For this scenario you will create a policy to enforce document encryption for all Microsoft Excel Spreadsheets. Scenario description In this scenario, the end user has: Two user

B

C

Page: Client tasks
File Inventory Scan Catalog Files - Scans the security catalog folder so as to be able to discover details of Security Catalogs. Scan Executables in Windows Directories - Scans all executables in Windows directories and reports their presence (or not) in
Page: Configuration Folder
Configuration Folder See Application Control Agent for Windows http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Agent+For+Windows Arellia Infrastructure http://portal.arellia.com/wiki/display/ACSDOC/Arellia+Infrastructure File Inventory
Page: Creating an Application Control policy
Application Control policies determine whether certain actions run before an end user can run an application. For example, a policy might deny an application the ability to execute or quarantine the application when a user attempts to run the application.
Page: Creating an application filter
To access the Application Filters: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Policies > Application Control > Application Filters AC2.png To create an application filter: Choose the
Page: Creating Application Actions
To locate these actions: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Policies > Application Control > Application Actions AC.png Choose the action you want to create. To create an acti

D

Page: Default File Inventory Policy
Default File Inventory Policy page The Default File Inventory Policy discovers information about software programs running on managed computers. By default, this runs daily. To manually run the File Inventory Policy on a managed computer at any time, per

E

Page: Elevate Windows backup on Windows Vista and Windows 7
Elevate the built-in Windows Backup utility on Windows Vista and Windows 7 operating systems by doing the following steps: Create a new File Specification Filter: On the Policies tab, navigate to Policies > Arellia > Application Control Tasks > Applicatio

F

Page: File inventory
See Default Inventory Package New Client Job
Page: File Inventory Agent For Windows
File Inventory Agent For Windows Page FIA.png See Default File Inventory Policy http://portal.arellia.com/wiki/display/ACSDOC/Default+File+Inventory+Policy File Inventory Agent Install http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory+Agent+Ins
Page: File Inventory Agent Install
File Inventory Agent Install page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Install This page i
Page: File Inventory Agent Package
File Inventory Agent Package page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Package This page l
Page: File Inventory Agent Uninstall
File Inventory Agent Uninstall page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > File Inventory Agent Uninstall This pa
Page: File Inventory Agent Upgrade
File Inventory Agent Upgrade page To access this page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > File Inventory For Windows > Settings > File Inventory Agent Upgrade
Page: File Inventory Filters
File Inventory Filters A file inventory filter defines the applications (groups of files) that can be restricted by a file control policy, and the applications (groups of files) that can be restricted by an Application Control Policy. To access file inven
Page: File inventory folder
The following folders and items are used to manage applications: File Scanning Policies http://portal.arellia.com/wiki/display/ACSDOC/File+Scanning+Policies+Folder Filters http://portal.arellia.com/wiki/display/ACSDOC/Filters+Page To access these folders:
Page: File inventory reports
To locate these reports: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > File Inventory The installed reports are: Report Category Report Name Agent Information File Inventory Ag
Page: File Scanning Policies
File Scanning Policies File scanning policies scan managed computers for application file types (Example: ITunes files within Windows directories) and reports back to the Notification Server. To create a file scanning policy: In the Symantec Management Co
Page: File scanning policies folder
File scanning policies scan managed computers for application file types (Example: iTunes files within Windows directories) and reports back to the Notification Server. For more information on how to create a file scanning policy, see File Scanning Polici
Page: Filters page
A file inventory filter defines the applications (groups of files) that can be restricted by a file control policy, and the applications (groups of files) that can be restricted by an Application Control Policy. For more information on file inventory filt

G

Page: Gauges
Gauges page Select from the following Gauge choices: Gauge Categories Gauge Queries Gauge States Gauge Types Gauges
Page: Getting started
The Getting Started tasks guide you through the basic setup, configuration, and use of Application Control Solution. You can use the Home page in the Symantec Management Console to access most tasks. The Symantec Management Console is the primary interfac

H

Home page: Home
Application Control Solution 7.0 product documentation This is the product documentation for the current release of ACS. To find your way around, please use the left panel to browse the document tree or search. Or start at the beginning. If you are lookin

I

Page: Index
{index}{index}
Page: Installation
This chapter details the installation requirements and procedures. Prerequisites The following software must be installed before installing Application Control Solution on Notification Server: Altiris® Notification Server™ 7.0 SP3 (or later). For informat
Page: Installing the Application Control agent
The Application Control Agent is software that you can install on your managed computers. The agent lets Application Control Solution run policies, manage applications, and run defined actions. You can install the agent from the policies in the Applicatio
Page: Introduction
Application-level security attack, such as file system corruption, registry corruption, spyware, and keylogging, pose a serious threat to mission critical business operations. Arellia Application Control Solution™ software helps you manage this risk by al

J

K

L

M

Page: Manage applications
A feature of this solution is that most tasks, policies, and filtering can be done through the Manage Applications page. The applications viewed in the Manage Applications grid are from the Summary of Win32 Executables report. To manage the applications:

N

O

Page: Overview
The Application Control Solution lifecycle is represented by the following graphic: life cycle.jpg File discovery After installing Application Control Solution, you must install the File Inventory Agent on managed computers. Installing the File Inventory

P

Page: Policies Folder
Policies Folder You can work with two main types of policies: Application Control http://portal.arellia.com/wiki/display/ACSDOC/Application+Control+Folder File Inventory http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory+Folder To access these f
Page: Prevent malicious applications from running
This scenario shows you how to prevent the end user from running cmd.exe. Scenario description In this scenario: The end user has run C:\windows\system32\cmd.exe at least once since the Application Control Agent was installed. File Inventory Agent has ret
Page: Prevent read and write to file types or network locations
Scenario description In this scenario, the end user has the following installed: Microsoft Word Microsoft Excel Scenario resolution On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc. In the Symant

Q

Page: Quarantine Files
This scenario shows you how to quarantine a known malicious application. Scenario description Copy and rename cmd.exe: "C:\Virus\malicious application.exe". Scenario resolution On the managed computer, create the Microsoft Word document C:\document\import

R

Page: Report Queries
Report Queries Page Choose from three types of Queries: Application Control File Inventory Local Security
Page: Reports folder
This section details the folders and items that Application Control Solution installs on the Reports tab. You can use or edit default reports, or create your own to help you analyze application control information. Reports are created for Application Con
Page: Resource Discovery
Resource Discovery Page See Resource Discovery Agents http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery+Agents Resource Discovery Update http://portal.arellia.com/wiki/display/ACSDOC/Resource+Discovery+Update Server Discoverers http://port
Page: Resource Discovery Agents
Resource Discovery Agents page This policy controls how often the File Inventory Agent inventories managed computers and reports back to the Notification Server. To access the Resource Discovery Agents: In the Symantec Management Console, on the Home menu
Page: Resource Discovery Update
Resource Discovery Update The Resource Discovery Update page lets you configure the schedule for calculating what Notification Server Resources need additional client or server side discovery. The task enumerates all server and client side Resource Discov
Page: Resource Purging
Resource Purging The resource Purging policy lets you perform a periodic database cleanup and remove any file and digital certificate resources that are no longer associated with any computers. By default, the schedule runs daily. To access and enable thi
Page: Resources folder
Packages.png
Page: Restrict an application's process rights
This scenario describes the process involved in restricting an application's process rights. This sample scenario guides you through the necessary steps, using the default Limit Internet Explorer and Outlook process rights policy. Scenario description In
Page: Reviewing application inventory
After the Application Control Agent has been installed, the solution performs an application inventory. This inventory is gathered by the Default File Inventory Policy and the Default File Discovery Policy. You might want to view a summary of all of the W
Page: Run an application in an SVS layer
This scenario shows you how to capture application data in a Software Virtualization Solution layer. Scenario description In this scenario, the end user has the following installed: Microsoft Word Scenario resolution On the managed computer, create the Mi

S

Page: Sample scenarios
This section describes some useful tasks you can create with Application Control Solution. Task prerequisites Ensure the following Application Control policies are enabled: Application Control Agent Configuration Policy - Set Send Application Action Event
Page: Security Rating
Security Rating Application Control Solution lets you rate all discovered applications. You can add them to Blacklist, Whitelist, Unclassified or Graylist collections, which can be used for filtering when creating policies. To manage the applications: In
Page: Server Discoverers
Server Discoverers page To access the Server Discoverers page: In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Configuration > Arellia Infrastructure > Resource Discovery > Server Discover
Page: Server jobs
See Send Disclosed Email to Primary User Job Send Email Reminder for Checked Out User Password
Page: Server Tasks
Obtain Primary User Obtain User Email Address Sample Computer NS Agent Details Changed Email Sample DCOM Resource Discovery Email Sample Security Descriptor Resource Discovery Email Use Account Password Checked Out Reminder Email User Password Disclosed E

T

Page: Task management folder
The following folders and items are used to manage applications: Client Tasks http://portal.arellia.com/wiki/display/ACSDOC/Client+Tasks File Inventory http://portal.arellia.com/wiki/display/ACSDOC/File+Inventory Server Jobs http://portal.arellia.com/wiki
Page: Tracking policies
To track all policies enforced by Application Control Solution, run the Application Actions by Computers report. AA2.png In the Symantec Management Console, on the Home menu, click Arellia > Application Control In the left pane, select Reports > Applicati
Page: TreeNavigation

U

V

W

Page: Whitelisting reference systems
In this scenario you will create a reference system whitelist policy that targets a collection of computers, searches for Windows executables, then adds any Windows executables not currently in a security catalog to a whitelist. You will also add applicat
Page: Whitelisting software packages
This scenario takes you through the process of creating an application control policy to inventory Microsoft and Adobe applications and add them to a whitelist, marking them as safe to be used in your environment. Once the policy has been created, it will

X

Y

Z

!@#$