Index
Space Index
0-9
A
ActiveX Installers Actions
The ActiveX Installer action allows an application, such as Internet Explorer, to enable standard users to install approved ActiveX components. This behavior mimics the ActiveX installer service in Windows Vista, Windows 7 and Windows 8. The ActiveX Inst
Adjust Process Security
Adjusting Process Security allows a process to be protected from most tampering by users. For example, adjusting process security can restrict who can stop a process from the task manager. We recommend that you adjust process security in a test environmen
Advanced Message Types
You can create advanced pop-up messages that appear when users attempt to start an application that requires them to justify access to the application. Advanced messages can also be used to let users know that an application is being blocked or usage of t
Analyzing Application Compatibility Testing Logs
After you have applied the Application Compatibility Testing Action, you can then verify the testing logs to see a list of applications that have compatibility issues. To verify Application Compatibility Testing Logs, do the following steps. In the Arelli
Application Analysis Policies
The Application Analysis folder includes the following built-in policies: Administrative Rights Required Detection Policy (Application Compatibility) - this policy detects applications that are deemed to require Administrative rights by Windows. Administr
Application Classification
Application Classification actions restrict applications from modifying certain items and will enforce standard Windows ACLs when the targeted application accesses restricted files, folders, registry keys, or services on a computer. (For details about how
Application Compatibility
When you migrate from Windows XP to Windows 7, you need to test whether the apps running on your network are compatible with the new OS, other applications, and device drivers. Arellia solutions can help you test whether applications will work with the ne
Application Compatibility Actions
Some older programs might run poorly or not at all on a newer operating system. The Application Control Solution includes actions that can test whether applications in your environment are compatible with a new operating system, and can also apply compati
Application Compatibility Filter
The Application Compatibility filter detects any administrative privileges that may be required. This feature only functions on 6.x OS versions: Vista, Windows 7, Windows 8, Server 2008, Server 2012. The Application Compatibility filter leverages Window
Application Compatibility Testing Policy
The Application Control Solution can enable you to analyze the compatibility of your applications with a new OS, other applications, and device drivers. To analyze application compatibility, do the following steps: Open the Arellia Security Manager Conso
Application Context Filters
Application Context filters apply security policies to applications in a user context. Interactive Users Filters Application Context filters are mostly applied to interactive users as a conditional filter for an application control policy. We recommend yo
Application Control Actions
Policies include actions that specify what will be done to identified applications when those applications are launched. Some policies have a default action built in. Following is a list of actions available in the Application Control Solution: Related Li
Application Control agent configuration
You can configure general parameters that control the behavior of the Application Control agent. To configure the Application Control agent, do the following steps: In the Arellia Security Manager Console, click the Configuration tab. In the file library
Application Control Filters
Policies include filters that identify applications to which actions are applied when those applications are launched. There are three types of filters: Dynamic Filters - These filters are used for specific purposes and users, such as interactive and non
Application Control Policies
Application Control policies determine if application actions can be run by particular end users before an application starts. Each policy contains filters and actions. Following is a list of policies available in the Application Control Solution: If you
Application Control Policy Wizard
Application Control policies determine whether certain actions will be taken, such as privilege elevation or denial, before end users can run an application. The easiest way to create Application Control policies is to use the Application Control Wizard,
Application Control Solution (ACS) data feeds
Arellia provides the following data feeds for the ACS: Approval Request Reports - these reports show historical application control approval requests. Package Whitelisting - provides the ability to right-click on an Application Control policies folder a
Application Control Solution (ACS) lifecycle
The following diagram illustrates everything that happens within the Application Control Solution (ACS) lifecycle. [Diagram: ACS Overview] File inventory After installing ACS, you must install the File Inventory Agent on managed computers. The File Inventory A
Application Discovery
Application discovery is a process through which the applications installed and used on individual computers and networks are identified and collected. Application discovery is also used as a security measure to identify any unwanted or unverified applica
Application Metering
The Application Metering action measures application usage on endpoints.
Auto-elevate Applications from Approved Websites
Application Control Solution can target applications based on where they were downloaded from (go to Download Source Filter https://www.arellia.com/wiki/display/acs8doc/Download+Source+Filter), which means that you can now allow standard users to install
Automate Document Encryption
In the following example we will show you how to automatically encrypt Microsoft Excel spreadsheets. In the Security Management Console, click the Policies tab. In the folder library in the left pane, navigate to Arellia > Application Control > Policies.
Automatically Create a Reference System Whitelist Policy
What's Covered Install the Data Feed Create a Resource Target Create a Reference System Whitelist Policy This document shows you how to automatically create a whitelist policy for your reference system that targets a collection of computers, searches fo
B
Basic Message Action
Basic User Messages pop up from the task bar and provide feedback to users that specific applications are being blocked or usage of the application is being logged. Basic messages don't require end users to do anything. Types of Basic Messages Deny Execut
Blacklisting
What is Application Blacklisting? Application Blacklisting prevents unwanted applications from running in your environment. Arellia's Application Control Solution allows you to manage applications flexibly in a large, distributed client environment by put
C
Commandline Filters
A Commandline filter examines the commandline of a running application (excluding the primary executable) and applies a pattern match (for example, an exact, partial or regular expression). System Utility Arguments Filters All of the commands in the Comma
Configuration
You must configure the Application Control Solution before you roll out agents, because depending on what you configure you will receive varying results.
Configuring for a test environment
You need to set Application Control agent configuration options to readily test configuration changes in a test environment. The agent configurations outlined in this document allow for accelerated feedback when testing Use Cases. Accelerated configuratio
Configuring resource discovery
Before you can apply policies, you must discover all of the resources (agents and servers) that you have to work with. Arellia optimizes the resource discovery process for both agents and servers. Arellia discovers agent file details once and then uses h
Create a New Basic Message Action
To create a new Basic Message Action, do the following steps: From the Arellia Security Manager Console, click the Policies tab. Navigate to Policies > Arellia Solutions > Application Control > Actions > Messages. Right-click Basic and click New > Display
Create a Reference System Whitelist Policy
Creating a whitelist policy for your reference system targets a collection of computers, searches for Windows executables, and then adds any Windows executables to a whitelist. You can create a reference system whitelist policy either automatically or man
Create Application Actions
For general information about Application Control Solution actions, go to Application Control Actions. To create Application Control actions, do the following steps: In the Arellia Security Manager Console, click the Policies tab. In the left pane, naviga
Create Application Control Policies
Although we recommend you use the Application Control Policy Wizard, you can also create new Application Control policies manually without using the Wizard. Click the links for each of the following methods for further information: Application Control Pol
Create New Application Control Policies
Application Control policies determine whether certain actions run when an end user starts an application. For example, a policy might deny an application the ability to execute or quarantine the application when a user attempts to run it. The easiest way
Creating Application Filters
To create an application filter, do the following steps: In the Security Manager Console click the Policies tab. In the file library in the left pane, navigate to Application Control > Filters. Right-click My Filters and click New and then click the type
D
Deny File Access
As the name suggests, the Deny File Access action prevents applications from reading or writing (or both) to certain directories or to Microsoft Office Documents. You can choose from two actions: Deny Read/Write Access to Microsoft Office Documents - Thi
Deny Windows Hooking
Deny Windows Hooking is an application action that limits specified applications from interacting in malicious ways with other applications. Related Links Restrict Malicious Applications Windows Hooks https://msdn.microsoft.com/en-us/library/windows/desk
Determine if the Policy is Applied
Determining which policy is applied to a process is useful when diagnosing whether a policy is being applied correctly. To determine which policy is applied, do the following steps: Open the Arellia Agent Logs (for details, go to Viewing the Agent Logs h
Discover All Applications on a Computer
To inventory all applications on a computer do the following steps: Navigate to Policies > Arellia Solutions > File Inventory > Policies. Right-click the Policies folder and select New > General Scheduled Client Task. Click the Client
Discover Apps Requiring Admin Rights - Application Analysis
To discover all applications that require admin rights, do the following steps: In the Security Manager Console, click the Policies tab. In the file library in the left pane, click Policies > Arellia Solutions > Application Control > Policies > Applicatio
Display Advanced Message
The Messages > Advanced action folder contains the following advanced feedback messages: Application Denied Message Action - This action will display a notification of denial to the user attempting to run a process controlled by a policy. Application De
Download Source Filter
Introduced in Arellia 8.0. Arellia Application Control Solution can target applications based on where they were downloaded from, targeting exact URLs or an entire domain. Arellia recommends adding filters to ensure that a file d
Drive Type
Drive Type filters are used to detect applications being started from a network drive, optical drive, or removable drive. The Drive Type folder includes the following types of built-in filters: Network Drive Filter - Specifies files present on network fi
Dynamic Filters
Dynamic filters are used for specific types of purposes and users, such as Interactive and Non-interactive Users, and they evaluate the context around when applications are run. Dynamic Filters are evaluated at runtime and are not tied to the particular ap
E
Encrypt Application Files
The Encrypt Application Files action forces applications to use Microsoft encryption when saving a file. Types of Encrypt Application Files Actions Encrypt Common Application Documents - This action can be used to automatically encrypt common application
Environment Variable Filter
An Environment Variable Filter compares an environment variable of a process to a specified value. Use the Environment Variable filter for compatibility testing and user-requested elevation. Most users will use only the two built-in Environment Variable f
Environment Variables
The Environment Variable action sets an environment variable of a process which could change the behavior of an application, or be caught by an Environment Variable filter in another policy. After you create a new Environment Variable action you can confi
Event Summary and Acknowledgement
Event Summary and Acknowledgement enables you to do the following tasks: Review recent Application Control events Acknowledge Application Control events Assign them to a policy Acknowledge an Event To acknowledge an event, do the following steps: From the
Executable Filter
You can use Executable filters to apply security policies to commonly used applications, such as instant messaging applications, browsers, mail clients, media players and Microsoft Office Suite applications. Executable Filters are powerful because they ar
Executable Headers
You can use executable headers to apply executable filters by type based on executable header attributes. The Executable Headers folder contains the following built-in filters: 32-bit Executables All Executable types Commandline Executables Dll Exec
Execute Application Action
The Execute Application action executes another application and (optionally) waits on that process completion before the original process can execute.
F
File Collection Filters
These filters are collections of files from file inventory and software delivery package scans.
File Discovery Filters
The File Discovery filters are a collection of four filters that identify executables discovered by File Inventory on your managed computers for a specified amount of time. These collections cannot be edited.
File Existence
The File Existence filter will check for the existence of a file at a defined path on the managed computer.
File Filters
File filters target the actual executable that is being run, with numerous sub-types targeting different aspects of executables. Types of File Filters Application Compatibility Filters - These filters are used to detect administrative privileges that may
File Inventory - Win32 Executables
This document shows you how to view reports of the Win32 Executable files in your environment, and on a specific computer. View the Win32 Executable files in your environment To view the Win32 Executable files in your environment, do the following steps:
File Owner Filter
You can use File Owner filters to specify if an application will be launched based on the File Owner listed on NTFS file systems. You can select multiple Security Principals when you create a new File Owner filter, as shown in the following screenshot. F
File Scanning Policies
File scanning policies scan managed computers for application file types (for example, iTunes files within Windows directories) and report back to the Notification Server. To create a file scanning policy: Once you are in Arellia select the Policies tab
File Specifications Filter
The File Specifications filter identifies a particular file by file name and path based on the location of that file, and can be used to target a broad range of applications based upon the attributes defined. You can add other filters to this filter to ta
File Type Filter
The File Type filter, ISO File Type filter, defines file extensions or MIME types to target.
G
H
Home
Application Control Solution 8.0 Product Documentation This is the product documentation for the current release of Application Control Solution. To find your way around, please use the left panel to browse the document tree, go to the Table of Contents h
How To
I
Index
Installation, Configuration, and Agent Rollout
To correctly set up Application Control Solution (ACS), be sure to execute the following processes in order: Install ACS https://www.arellia.com/wiki/display/AMS/Install+Arellia+Products Configure ACS https://www.arellia.com/wiki/display/acs8doc/Configu
Internet Zone
The Internet Zone filter detects if files were downloaded from the Internet or from what particular zone on the Internet (such as a trusted web site, intranet, or Internet).
Introduction to Application Control Solution (ACS) 8.0
Application-level security attacks, such as file system corruption, registry corruption, spyware, and keylogging pose a serious threat to mission critical business operations. Arellia Application Control Solution™ (ACS) software helps you manage this risk
Inventory Filters
Inventory Filters are evaluated at runtime and are used to apply Application Control policies for already discovered applications. Types of Inventory Filters File Parameter Collections - These filters use the inventory to create file scan results, package
J
K
L
M
Manifest Filter
Manifest Filters test whether the application vendor has included a security manifest with the application, and whether any specific rights required are specified. Requested Execution Level choices include: None Specified - No security claims are present.
Manual Security Rating Filters
Manual Security Ratings are generally not used, but are included for backward compatibility with Application Control Solution v6.1. Typically combinations of Reference System whitelists, Package Contents whitelists and trust based Dynamic Filters are used
Manually Create a Reference System Whitelist Policy
What's Covered Create a Resource Target Create a File Scan Policy Create a File Parameter Selection Create a Whitelist Policy This document shows you how to create a whitelist policy for your reference system that targets a collection of computers, sear
Message Localization
This feature was introduced in Arellia 8.0 SP1 and requires the 8.0 SP1 Arellia Application Control Agent to be installed on the clients. Arellia Advanced User Messages can be customized to show localized text. Locale Example The default text for the req
Messages
Messages are the most common application action. There are two kinds of messages: Basic and Advanced. Basic messages appear as smaller pop-ups directly from the Taskbar area. Advanced messages are the type that pop up in the middle of the screen, requirin
My Actions
You can use the My Actions folder to store the actions you create. For example, if you right-click the Environment Variable folder to create a new Environment Variable . . . then you can drag the action to the My Actions fold
My Filters
You can use the My Filters folder to store the filters you create. For example, if you right-click the File Types folder to create a new File Specification Filter . . . then you can drag the filter to the My Filters folder. drag_new
N
Network Location Filter
The Network Location filter identifies what network a computer is attached to. The Network Location Filter works with Windows Network Location Awareness to filter based on current network connectivity. The Standard Network Location folder includes the fol
O
Orangelisting
What is Application Orangelisting? Application orangelisting allows potentially trusted applications to run securely in your environment. Orangelisting is a dynamic method of managing applications that might not be included on a whitelist or blacklist. Ar
P
Policies, Actions and Filters
Policies are sets of criteria or operations that are applied to resources; policies typically reside in the Policies Tab of the Security Manager Console. (For more information about policies, go to Policies.) Application Control policies determine if app
Policy Priority Management
Policy Priority Management allows for easy visualization and adjustment of ordering of Application Control policies. It is located in Application Control > Policy Priority Management. The Policy Priority Management tool
Prevent Read and Write to File Types or Network Locations
To prevent read and write access, do the following steps: On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc. In the Security Manager Console, click the Policies tab. In the file library in the lef
Previous Versions
Previous Arellia Application Control documentation can be found here: Application Control Solution 7.5 Application Control Solution 7.1 Application Control Solution 7.0 Application Control Solution 6.x
Privilege Elevation
When a user logged in as a standard user tries to install a program, typically a User Account Control (UAC) prompt will appear requiring administrator-level permission to install. Application Control Solution eliminates the need for UAC prompts or admin crede
Privilege Management Policies
The Privilege Management folder includes the following built-in policies: Limit Internet Browser and Mail Clients Process Rights - This policy implements the fundamental security principle of least privilege by restricting the process rights for standard
Privilege Reduction
Privilege reduction is the opposite of Privilege Elevation: you lock down specific applications so that they don't allow administrator rights or access to certain browser functions.
Process Hardening Policies
Process hardening means enhancing your system's security by locking down Arellia and disabling unnecessary services. Remove Advanced Privileges for Interactive Users is a demonstration policy that shows how you can remove privileges from Administrators an
Process Rights
The Process Rights action folder contains the actions to remove or add administrator rights. You can remove administrator rights for applications such as web browsers to increase their locked down state for both administrators and standard users. The ava
Protect against Internet Applications
Application Control Solution can deny certain processes access to internet-protected resources such as files, folders, domain resources, and spawning additional applications. Introduced in Arellia 8.0. First decide what application(s) you'd like to classi
Q
Quarantine
The Quarantine action isolates infected files in a protected directory so they can no longer infect the hosting system. You can define a quarantine path in the Security Manager Console under either the Policies tab or the Configuration tab. To define a qu
R
Reports
Arellia provides numerous out of the box reports to help customers quickly understand the state of their environment. Event Summary The event summary view is the easiest to quickly determine what actions/policies are being applied and what applications ar
Request Elevation
Arellia Application Control Solution can enable end users to request elevation and then have that request approved or denied by the help desk. Arellia can approve or deny requests via the Arellia Management Server (AMS), or forward requests to a third-par
Restrict an Application's Process Rights
This scenario describes the process involved in restricting an application's process rights, and guides you through the necessary steps using the default Limit Internet Explorer and Outlook process rights policy. Internet Explorer inherits administrative
Restrict Malicious Applications
Arellia can prevent key loggers and other malicious applications from hooking into windows. To restrict malicious applications, do the following steps: Right-click on a policies folder and select New > Prevent Windows Hooking
Reviewing application inventory
After you have installed the Application Control agent, the Application Control Solution performs an application inventory. You might want to view a summary of all of the Win32 executable files that were discovered to plan your Application Control strate
Run an Application in a Workspace Virtualization Layer
This document shows you how to capture application data in a Symantec Workspace Virtualization layer. In the following example, the end user has installed Symantec Workspace Virtualization and Microsoft Word. To run an application in a Workspace Virtuali
S
Secondary File Filters
A Secondary File filter addresses situations where the intended target is not the primary executable file, such as RunDll.exe, but is rather a secondary file specified within the command line. This document gives you a working example of how to use Secon
Security Catalog Filter
You can use these filters to target executables found in security catalogs. The built-in filter targets the Signed Security Catalog (C:\Windows\System32\catroot\) and is typically used to automatically whitelist applications from Microsoft.
Self-Elevation
User self-elevation occurs when mobile, remote, or power users need to run software that is usually run by only users with administrator-level permission. Risks can occur when users are allowed to self-elevate, so you should weigh carefully the decision w
Self-Elevation Without Adding Administrator Rights
Using the default self-elevation users can give justification and launch applications with administrator rights (for details, go to Self-Elevation). The following steps allow users to request elevation, but not to add administrator rights to the applicati
Shared Location
Applications that run from a shared location can be automatically elevated. To do this, do the following steps: In the Arellia Security Manager, click the Home tab. Under Actions, click the Create Application Control Policy button. In the Application Cont
Signed Application Filters
How Signed Application Filters Can Be Used These filters can be used in several of the following ways: A target for ACS policies A parameter to prevent spoofing Signed Application filters identify applications based on their digital certificates. They can
Standard Windows 7 Users Unable to Install ActiveX
Problem: In Windows Vista and Windows 7, standard users are unable to install ActiveX plug-ins. For Windows XP users, Arellia offers the following solution: Controlling ActiveX objects. Solution: The following steps will enable ActiveX to be run and insta
T
Table of Contents
Home
Time of Day Filters
You can create a filter to allow certain applications to run during only certain hours. For example, you can allow iTunes to run only outside business hours by excluding normal business hours (9am to 5pm) on an Application Control Policy that targets iTun
Tracking Policies
To track all policies enforced by the Application Control Solution, run the Application Actions by Computers report. Any Arellia Application Control Policy can send feedback about an event back to the server. To configure a policy to send feedback, check
TreeNavigation
Troubleshooting Determine if the Policy is Applied https://www.arellia.com/wiki/display/acs8doc/Determine+if+the+Policy+is+Applied?src=contextnavpagetreemode Standard Windows 7 Users Unable to Install ActiveX https://www.arellia.com/wiki/display/acs8doc/Standard+Window
U
UAC Override
When users attempt to start restricted applications they will receive a User Account Control (UAC) prompt for credentials. You can use Application Control Solution to create custom messages requiring users to provide a reason why they need administrator r
User Context Filters
User Context filters identify applications based on the group memberships of the users. These filters use the following parameters: Well-known users Built-in accounts Well-known groups Domain users A single user or group, or numerous combinations of
User Organization Unit Filter
Organizational Unit filters can be used in Arellia Application Control policies the same way User Context filters are used (for details about User Context filters, go to User Context Filters). The filter uses the following parameters: The organizational u
V
W
Whitelist Software Delivery Packages
Arellia can connect and scan software delivery packages for applications to whitelist using the Arellia Application Control Solution. You can scan software delivery packages on one of the following systems: LANDesk Management Server Microsoft SCCM Symant
Whitelisting
Application whitelisting is a computer administration practice used to define what applications are trusted and allowed to run. This technique is often used hand-in-hand with application orangelisting and blacklisting which targets the unknown, unwanted,
Whitelisting Policy
The Whitelisting folder includes the following built-in policies: Allow Manual Security Rated Whitelist Execution - This policy allows applications in the All Whitelist Security Rated Applications filter to run. Allow Microsoft Installer Policy - This pol
Whitelisting, Orangelisting, and Blacklisting
Application whitelisting is a computer administration practice used to define what applications are trusted and allowed to run. This technique is often used hand-in-hand with application orangelisting and blacklisting which targets the unknown, unwanted,
Why Do My Files Not Have Names?
By default Arellia events only send the file hash of the file and not the file name, path, internal file details, or signature. The additional information is collected by Arellia's resource discovery and file inventory processes. To collect and show the
WMI Filter
The WMI filter contains a WMI Query that executes when the policy is evaluated. The query results can then be cached for a period of time.
Workspace Virtualization Layers
You can apply this action to applications to dynamically run in a Symantec Workspace Virtualization layer. Included in the Workspace Virtualization Layers folder are the following actions: Workspace Virtualization Global Layer - This action places specifi
X
Y
Z
!@#$