What is Application Blacklisting?
Application Blacklisting prevents unwanted applications from running in your environment, which protects your network from malware threats.
Arellia's Application Control Solution allows you to manage applications flexibly in a large, distributed client environment by putting:
- known trusted applications in a whitelist
- potentially trusted applications in an orangelist (also known as a graylist)
- everything else in a blacklist
A blacklist is software you don’t want in your environment. You don’t necessarily blacklist based on file hashes or digital signatures, but on things like games, executables that are signed using bad digital signatures, apps that. . .target bad executables based on generic executable information and internal product names; this is software that is well known and that you don’t want running in your environment. Blacklist policies are at P1. You don’t want to deny execution starting off; you want to monitor the environment to determine what should be on the whitelist, so you don’t end up preventing everything from executing.
Automated blacklists are problematic, as they will break common functionality.
Exception Blacklisting should only be implemented after much analysis, end user education, and policy refinement. An exception blacklist will block any software that is not covered by Whitelist or Orangelist policies.
Blacklisting Exceptions
Exception policy. . .this approach is a good initial step when rolling out policies, as oftentimes you don’t know which applications are actually exceptions. A policy will be created to blacklist or deny any applications that didn’t meet the Whitelist or Orangelist criteria. To prevent unnecessary helpdesk calls, create a custom message for the blacklist policy.
Blacklisting options:
- Application attributes
- File hash
- Location
- Untrusted applications
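The sketch below is an added example, not Arellia's code or policy format: it evaluates launch events against the three lists plus the catch-all exception blacklist, and runs in monitor mode to show which applications the catch-all would block before anything is denied. All rule values, event fields and function names are constructed for illustration, and treating "P1" as "evaluated first" is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Launch:
    path: str
    sha256: str
    product_name: str   # internal product name from the file's version info
    signer: str

# Hypothetical rule sets; all values are constructed for illustration.
BLACKLIST_PRODUCTS = {"examplegame"}          # application attribute match
BLACKLIST_SIGNERS = {"Untrusted Example CA"}  # known-bad signing certificate
WHITELIST_HASHES = {"a" * 64}
WHITELIST_DIRS = ("c:\\program files\\", "c:\\windows\\")  # location rule
ORANGELIST_SIGNERS = {"Example Software Ltd"}

def classify(ev):
    """Return the first list that matches; blacklist is checked first (assumed P1)."""
    if ev.product_name.lower() in BLACKLIST_PRODUCTS or ev.signer in BLACKLIST_SIGNERS:
        return "blacklist"
    if ev.sha256 in WHITELIST_HASHES or ev.path.lower().startswith(WHITELIST_DIRS):
        return "whitelist"
    if ev.signer in ORANGELIST_SIGNERS:
        return "orangelist"
    return "exception-blacklist"  # not covered by whitelist or orangelist

def decide(ev, enforce):
    """Monitor mode (enforce=False) records would-be denials instead of blocking."""
    tier = classify(ev)
    if tier not in ("blacklist", "exception-blacklist"):
        return tier, "allow"
    return tier, "deny" if enforce else "would-deny"

def review_queue(events):
    """Paths the catch-all would block: candidates for whitelist review."""
    return sorted({e.path for e in events if classify(e) == "exception-blacklist"})

SAMPLE = [  # constructed launch events
    Launch("C:\\Program Files\\Office\\word.exe", "b" * 64, "Word", "Example Vendor"),
    Launch("C:\\Users\\amy\\Downloads\\game.exe", "c" * 64, "ExampleGame", "Example Vendor"),
    Launch("C:\\Tools\\backup.exe", "d" * 64, "Backup", "Example Software Ltd"),
    Launch("C:\\Users\\amy\\AppData\\vpnclient.exe", "e" * 64, "VPN", "Other Vendor"),
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(ev.path, decide(ev, enforce=False))
    print("review before enforcing:", review_queue(SAMPLE))
```

A real location rule would need to compare canonicalised paths; the prefix match here is kept simple for the illustration.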