Application filters

An application filter defines the applications (groups of files) that can be restricted by an Application Control Policy. There are two types of filters, Dynamic and Inventory. They, along with their subtypes are listed below: 

To access the Application Filters:

  • In the Symantec Management Console, on the Home menu, click Arellia > Application Control
  • In the left pane, select Policies > Application Control > Application Control Tasks > Application Filters

Dynamic filters

 These filters are evaluated by the Altiris Agent and are used to apply security policies to applications not yet discovered but commonly used or downloaded.

  • Application Context Filters - These filters are evaluated by the Altiris Agent and are used to apply security policies to applications in a user context.
  • Command Line Filters - A commandline filter examines the commandline (excluding the primary executable) and applies a pattern match (Exact, Partial or Regular Expression).
  • Executable Filters 
  • Secondary File Filters - A Secondary File filter addresses the situation where the intended action is not the primary executable (such as RunDll.exe), but rather a file specified within the commandline. It examines the commandline of an application to see whether there appears to be a secondary file. If so the secondary file filter applies the specified filters to the secondary file.
  • Signed Application Filters 
  • Time of Day Filter - These filters allow an application filter to be applied based on the specific time an application is launched. The time details can be set individually for each day of week, or applied to the same period on all days.
  • User Context

The following table lists all the filters available and a description of each.

Filter

Description

Application Context Filters

 

Interactive Users

You can apply policies to applications with interactive users. Select the appropriate check box and enter policy details in the fields provided.

LocalSystem and Service Applications

You can apply policies to LocalSystem and Service applications. Select the appropriate check box and enter policy details in the fields provided.

Service Applications

You can apply policies to Service applications. Select the appropriate check box and enter policy details in the fields provided.

Commandline Filters                          

You can create application filters that are based on the commandline of the running application.

  • Enter a filter name and description.
  • Enter the Match Option you want to search for.
  • Enter the Command line text you are searching for.

Executable Filters

 

Instant Messaging Applications -

  • AOL Instant Messenger
  • Google Talk
  • MSN Messenger
  • Skype
  • Trillian
  • Windows Messenger
  • Yahoo! Messenger

You can apply security policies to any of the listed Instant Messaging applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can:

  • Enter a filter name and description.
  • Enter a File name and File path in the fields provided.
  • (Optional) Click Include subdirectories if you wish to filter them.
  • Enter Win32 Executable File Information:
    • Internal Name
    • Original file name
    • File version
    • Product name
    • Product version
    • Company name

Internet Browsers - 

  • Firefox
  • Internet Explorer

You can apply a security policy to the listed Internet applications. You can configure it the same as Instant Messaging Applications, above.

Mail Clients - 

  • Eudora
  • Outlook Express

You can apply a security policy to the listed mail applications. You can configure it the same as Instant Messaging Applications, above.

Media Players - 

  • iTunes
  • Microsoft Windows Media Player
  • QuickTime
  • RealPlayer
  • Winamp

You can apply security policies to the listed Media Player applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can configure them the same as Instant Messaging Applications, above.

MS Office Suite - 

  • MS Access
  • MS Excel
  • MS FrontPage
  • MS Outlook
  • MS Word

You can apply security policies to the listed Microsoft Office Suite applications. If any of these applications are installed in the future, you can automatically add them to a policy. You can configure them the same as Instant Messaging Applications, above.

Microsoft Installer File Filter

You can configure them the same as Instant Messaging Applications, above.

Win32 Executable File Filter

You can configure them the same as Instant Messaging Applications, above.

Secondary File

You can create application filters that are based on the applications file target which is taken from the commandline.

  • Enter a filter name and description.
  • Select an Item that you want to filter on.

Signed Applications

  • Microsoft Signed Applications

You can create a filter by associating a digital certificate.

  • Enter a filter name and description.
  • Include Digital Certificates - All files signed by a selected digital certificate will be included in this filter. For information on editing collections, see Notification Server Help.

Time of Day

  • Business Hours (8:30AM to 5:30PM)
  • Business Hours (8AM to 6PM)
  • Business Hours (9AM to 5PM)
  • Weekends

You can create a filter using certain hours.

  • Enter a filter name and description.
  • Select that time period(s) that you want to filter on.

User Context

You can create filters based on the group membership of the user.

Inventory filters

These collection-based filters are evaluated by the Notification Server and depend on file inventory data. They are used to apply application control policies for already discovered applications.

Filter

Description

Security Rating

This folder contains:

  • All Blacklist Applications
  • All Graylist Applications
  • All Unclassified Applications
  • All Whitelist Applications

All Executable Files Discovered in Last 2 Weeks

Collection listing all executables files discovered by File Inventory on your managed computers in the last two weeks. This collection can't be edited.

All Executable Files Discovered in Last Day

Collection listing all executables files discovered by File Inventory on your managed computers in the last day. This collection can't be edited.

All Executable Files Discovered in Last Month

Collection listing all executables files discovered by File Inventory on your managed computers in the previous month. This collection can't be edited.

All Executable Files Discovered in Last Week

Collection listing all executables files discovered by File Inventory on your managed computers in the last week. This collection can't be edited.

 To create a new Filter, right-click on the filter type that you wish to create and select New.  Configure the filter as desired.

(info)

Note
We recommend using the Application Control Wizard to create policies and to associate actions, filters, and target computers. See Creating an Application Control Policy .