Creating an Application Control Policy
Application Control policies determine whether or not certain actions are run before an end user can run an application. Example: A policy may deny application execution or quarantine the application when a user attempts to run the application. The easiest way to create these policies is to use the Application Control Wizard.
To create an Application Control policy
1. In the Altiris Console, click the Tasks tab.
2. In the left pane, select Tasks > Security Management > Application Control >
Windows > Application Control Tasks > Manage Applications.
3. In the right pane, click
4. In the pop-up menu, select the policy you want from:
* Automate Document Encryption
* Blank Application Control Policy
* Deny Application Execution
* Elevate Process Rights
* Prevent Windows Hooking
* Quarantine Application
* Restrict Application Read and Write File Access
* Restrict Process Rights
* Run an Application in Read-Only Mode
* Run an Application in an SVS Layer
Note
For descriptions of these Application Control policies, see Overview (page 4).
This opens the Application Control Wizard in a new window. The following 3 steps take you through the wizard.
Step 1 - Welcome to the Application Control Wizard
Select the computers and applications you want to target with this policy.
1. To select computers this policy applies to, click the Computers:
.
2. In the Collection Selector dialog, select a collection and click Apply.
3. To include filters in the policy, click the Include:
.
4. In the Items Selector dialog, select an application filter.
To add your own application filter:
a. In the Items Selector dialog, click
, and select a filter type. b. Depending on your selection:
* In the Collection Summary dialog, enter a name and description for the filter, or
* In the Dynamic Filter dialog, configure the filter as required.
For details on what you can configure for each filter, see Application Filters
(page 24).
To add additional filters, see (Optional) To Add extra Application Filters
(page 12).
5. To exclude filters in the policy, click the Exclude:
and follow the procedure in
6. Step 4 above.
Click Next.
(Optional) To Add extra Application Filters
You can add as many application filters to a policy as you want:
1. When you select an application filter in the Item Selector dialog as shown in Step 1
- Welcome to the Application Control Wizard (page 11), click
, and select a new filter.
2. In the Item Selector dialog, click
, select the filter you just added, and click
Apply.
Your policy now contains two application filters.
Step 2 - Select Actions
In this step, you select actions to apply to an application and its processes. You can also select application action reporting options.
1. To add an action to the policy, under Select an action to apply to the application, click Select an Item.
2. In the Items Selector dialog, select an application action.
To add your own application action:
a. In the Items Selector dialog, click
and select an action.
b. In the Application Action dialog, enter a name and description for the action.
For details on what you can configure for each action, see Application Actions
(page 16).
To add additional actions, see (Optional) To Add extra Application Actions
(page 13).
3. To add an action to any Child Process select:
* Same as Above - Apply the application action to any child process.
Altiris Application Control Solution Help 12
* Use Different Action - Click Select an Item, select an application in the
Items Selector Dialog, and click Apply.
4. (Optional) Click Send the Notification Server an event if these actions are applied.
5. Click Next.
(Optional) To Add extra Application Actions
You can add as many application actions to a policy as you want:
1. When you select an application action in the Item Selector dialog as shown in Step 2
- Select Actions (page 12), click
, and select a new action.
2. In the Item Selector dialog, click
, select the action you just added, and click
Apply.
Your policy now contains two application actions.
Step 3 - Policy Details
Enter general policy details and enforcement options.
1. Click Enable.
2. Enter a policy name and description in the fields provided.
3. Select your policy enforcement options:
* Policy Priority - Enter a policy priority to determine its order in relation to other policies.
* To continue enforcing lower priority policies after enforcing this policy, click the appropriate check box.
* To continue enforcing lower priority policies for child processes after enforcing this policy, select the appropriate check box.
4. Click Finish.