Application Control Policies

Application Control Policies

Application Control policies determine whether or not application actions are run before an end user can run an application.

  • Adobe download manager deny policy -
  • Allow Microsoft Installer Policy - Enable any Windows Installer child process to execute and prevent Windows Installer child processes falling under any "Unclassified applications" policies.
  • Allow Whitelist Execution - Allow whitelisted applications to run unmanaged by Application Control Solution and prevent graylist Application Control Policies from applying to whitelisted applications.
  • Deny Blacklist execution - Prevent any application on the blacklist from being executed.
  • Limit Internet Browser and Mail Clients Process Rights - Restrict the process rights for standard Internet browsers and mail clients. Running these applications with administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within these applications.
  • Limit Popular Instant Messaging Application Process Rights - Restrict the process rights for standard Instant Messaging applications. Running these applications with administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within these applications.
  • Limit Popular Media Player Process Rights - Restrict the process rights for media player applications. Running these applications with administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within these applications.
  • Limit Process Rights for Unclassified Applications Discovered in the Last Week - Restrict the process rights for an application. Unnecessarily running applications with administrative rights can present significant security problems. This policy reduces the risk of an exploit infecting a computer from within an application. This policy applies to applications that have been discovered locally in the last week and has Stage 2 Processing enabled by default.
  • Package Contents Whitelist Policy - These policies automatically inventory software packages in a folder or by MSI, and add these applications to a whitelist.
  • Reference System Whitelist policy - These policies automatically inventory systems (Example: Windows directories of computers in a collection), and add discovered applications to a whitelist.

Note

We recommend using the Application Control Wizard to create policies and to associate actions, filters, and target computers.

To access the Application Control Policies:

  • In the Symantec Management Console, on the Home menu, click Arellia > Application Control
  • In the left pane, select Policies > Application Control > Application Control Policies

For information, see Creating an Application Control policy.