Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Space Index

0-9 ... 0 A ... 25 B ... 3 C ... 19 D ... 6 E ... 6
F ... 7 G ... 2 H ... 2 I ... 6 J ... 0 K ... 0
L ... 1 M ... 4 N ... 2 O ... 0 P ... 9 Q ... 1
R ... 21 S ... 6 T ... 5 U ... 1 V ... 0 W ... 3
X ... 0 Y ... 0 Z ... 0 !@#$ ... 0    

0-9

A

Page: ACS 7.5 Documentation ARCHIVE
This space is to archive retired docs instead of deleting them so their history can be retained.
Page: ActiveX installers actions
ActiveX installer actions are used only on Windows XP machines to enable standard users to install approved ActiveX applications in Internet Explorer. To create ActiveX installer action From the Arellia Security Manager Console go to the Policies tab. Nav
Page: Adjust process security
Adjusting process security allows a process to be protected from most tampering by users. For example, it can be used to restrict who can stop a process from the task manager. It is also recommended that all adjusting of process security is done in a test
Page: Advanced Feedback Message
Advanced Feedback Messages are used to collect justifications from the end user. These justifications can be for a request to run a program as an administrator or be a justification to run a program that has not been approved or denied yet. These justific
Page: Advanced user message action
There are five types of advanced feedback messages that can be used as actions to Application Control Policies: Application Denied Message Action - This action will display a notification of denial to the user attempting to run a process controlled by a p
Page: Analyzing application compatibility testing logs
Verify testing logs after applying Application Compatibility Testing Action To verify application compatibility testing logs From the Arellia Security Manager Console go to the Reports tab. Navigate to Reports / Arellia / Application Control / Whitelist /
Page: Application actions summary
The Application Actions folder contains all the operations that can be processed before a certain application can be run on a managed computer. Each action can be referenced by an Application Control policy and determines the environment in which the appl
Page: Application analysis
To analyze application compatibility: Test each application before doing a windows migration. Do the windows migration and then let users notify IT of problems with applications. Use Arellia Application Control Solution to identify applications with compa
Page: Application compatibility
"When addressing application compatibility issues in preparation for a deployment of Windows® 7, among the most flexible and powerful tools available are application compatibility fixes, or shims. However, most organizations do not leverage shims to the e
Page: Application compatibility actions
This folder is where all of the custom shims created from the Adjust Application Compatibility wizard are placed. You can also create new Application Compatibility Fix Actions. Application Compatibility Action applies the dynamic application of Microsoft
Page: Application compatibility filter
The application compatibility filter performs application compatibility tests as to whether a program is deemed to require specific security rights, or is an application setup. This feature only functions on Windows Vista, Windows 7, Windows 8, Windows 8.
Page: Application context filters
Interactive users filters This filter is 99.9% of the time used as a conditional filter for an application control policy to limit the policy to only apply to interactive users. It's recommended to use this filter when you use a broad scoping application
Page: Application Control
Coloredline.jpg Application Control Solution Reports To locate these reports: From the Arellia Security Manager Console, go to the Reports tab. Navigate to Arellia / Application Control. reports.PNG The report categories installed are: Report Type and wha
Page: Application Control agent configuration
This policy lets you configure general parameters that control the behavior of the Application Control Agent. To Configure Application Control Agent From the Arellia Security Manager Console go to the Configuration tab. Navigate to Settings / Agents/Plug-
Page: Application Control policies
Save time by using the Application Control policy wizard To View Standard Application Control Policies From the Arellia Security Management Console, go to the Policies tab. Navigate to Arellia / Application Control / Policies. Select New. A list of (stand
Page: Application Control policy wizard
The Policy Wizard simplifies creation of common types of Application Control policies The Application Control Wizard is accessible via the Actions section in the top right of the Arellia Console Home page by selecting "Create Application Control Policy".
Page: Application Control Solution (ACS) installation
This chapter details the installation requirements and procedures for Application Control Solution. Prerequisites The following software must be installed before installing Application Control Solution on Notification Server: Altiris® Notification Server™
Page: Application Control Solution (ACS) lifecycle
This illustrates everything that happens within the Application Control Solution lifecycle. ACS Overview.jpg File discovery After installing Application Control Solution, you must install the File Inventory Agent on managed computers. Installing the File
Page: Application filters summary
Application filters An application filter defines the applications (groups of files) that can be restricted by an Application Control Policy. There are three types of filters - Dynamic, File and Inventory. They, along with their subtypes are listed below
Page: Application metering actions
These actions are used to meter an applications use Symantec Endpoint Protection™. To meter application usage From the Arellia Security Manager Console, go to the Policies tab. Navigate to Policies / Arellia Solutions / Application Control / Actions. Righ
Page: Apply Provisioned Account (Using Task Tab)
Coloredline.jpg
Page: Apply Provisioned Group (Using Policy Tab)
Coloredline.jpg Not implemented yet. Under construction.
Page: Apply Provisioned Group (Using Task Tab)
Coloredline.jpg Under Construction! Checking Exact Membership enforces this provisioned group to only users that are specified under Group Membership. Selecting Include Primary user, (the user that is logs onto that machine the most becomes the primary us
Page: Arellia Infrastructure
Arellia Infrastructure Page See Gauges http://portal.arellia.com/wiki/display/ACS75DOC/Gauges Report Queries http://portal.arellia.com/wiki/display/ACS75DOC/Report+Queries Resource Discovery http://portal.arellia.com/wiki/display/ACS75DOC/Resource+Discove
Page: Automate document encryption
This section describes the process involved in automatic document encryption. For this scenario you will create a policy to enforce document encryption for all Microsoft Excel Spreadsheets. Scenario description In this scenario, the end user has: Two user

B

Page: Basic message action
Basic User Messages pop-up from the task bar. Basic messages don't require the end-user to do anything. Types of basic messages From the Arellia Security Manager Console, go to the Policies tab. Navigate to Policies / Arellia Solutions / Application Contr
Page: Best practices
The best practices addresses the best way of elevating privileges and whitelisting within Application Control Solution.
Page: Blacklisting

C

Page: Command line filters
All of the commands under this folder are built-in and are used by the ACS Policy Wizard when it creates an elevation policy for certain system options. These filters are all partial matches that will elevate an application if that command is present. For
Page: Compatibility adjustment
Compatibility Adjustment can be accomplished by right-clicking an application from the Event Viewer and Adjusting the Compatibility with an Application Compatibility Testing Action.
Page: Compatibility Analysis
Coloredline.jpg
Page: Configuration
Configuration is necessary before rolling out agents because depending on what you configure, you will receive varying results. You are ready to configure Application Control after you have installed all server components but before you have rolled out t
Page: Configure Active Domain Import
Coloredline.jpg Not implemented yet. Under Construction.
Page: Configure Local User Inventory
Coloredline.jpg Using the User/Group Inventory Task From the AMS Console, go to the Tasks tab. Select Local Security Folder / User/Group Inventory Task. Missing step...Right-click, then what? Or Quick Run? Both? Running the User/Group Inventory Task popul
Page: Configure Services Inventory
Coloredline.jpg
Page: Configuring for a test environment
By default Application Control Agent configuration options are not set to readily test configuration changes in a test environment. The following agent configuration allows for accelerated feedback when testing Use Cases. Configure the Application Contro
Page: Configuring resource discovery
Resources are the agents and servers running on your network. Before you can begin to apply policies, elevate or reduce privileges, you must discover all of the resources that you have to work with. Regardless of the Agent Discoverer, Arellia optimizes th
Page: Create a new basic message action
To create a new basic message, do the following steps: From the Arellia Security Manager Console, go to the Policies tab. Navigate to Policies / Arellia Solutions / Application Control / Actions / Messages. Right-click Basic and select New / Display User
Page: Create Domain Account Password Randomization Task
Coloredline.jpg
Page: Create Provisioned Account for Local Account
Coloredline.jpg To first begin, create a new prov user and a new prov group. Resources/Provisioned Users, click New Provisioned User and fill in the details of the form. Click Save. Policies/Resources/Provisioned Group, click New, use and already provisio
Page: Create Provisioned Account With a Static Password
Coloredline.jpg Cannot provision user account only (group is expected as a parameter). Under construction.
Page: Create Provisioned Group for Administrators
Coloredline.jpg
Page: Create Service Configuration Task
Coloredline.jpg
Page: Creating an Application Control policy using an existing policy
Application Control policies determine whether certain actions run before an end user can run an application. For example, a policy might deny an application the ability to execute or quarantine the application when a user attempts to run the application.
Page: Creating application actions
A list of simplified actions can be found below, a full list of actions can be found here: Application Actions Summary http://portal.arellia.com/wiki/x/LgC3. After creating or modifying an action, the action can then be used as an Action in an Application
Page: Creating Application Control policies
Application Control policies determine whether or not application actions are run before an end user can run an application. We recommend using the Application Control Wizard to create policies and to associate actions, filters, and target computers. To A
Page: Creating application filters
To access the Application Filters, do the following steps: Once you are in Arellia > Application Control select the Policies tab. Select Application Control > Filters. f1.PNG To create an application filter, do the following steps: You can select from a v

D

Page: Default File Inventory Policy
Default File Inventory Policy page The Default File Inventory Policy discovers information about software programs running on managed computers. By default, this runs daily. To manually run the File Inventory Policy on a managed computer at any time, per
Page: Deny file access
As the name suggests, these actions prevent applications from reading or writing (or both) to certain directories or to Microsoft Office Documents. To deny applications from access, do the following steps: From the Arellia Security Manager Console, go to
Page: Disclose Password for Provisioned User Account
Coloredline.jpg
Page: Disclose Password for Randomized User Account
Coloredline.jpg
Page: Disclose the Password for Provisioned User Account
Coloredline.jpg From the Policies tab, go to Resources / Local Users. Find the Provisioned User Account on a remote machine. Right-click the Provisioned User and select Show Managed Password. This action displays the randomized password of the Provisioned
Page: Dynamic filters
Dynamic Filters are evaluted at runtime and are not tied to the particular application being run but by other factors. Types of dynamic filters include: Application Context Filters - These filters are evaluated by the Altiris Agent and are used to apply s

E

Page: Encrypt application files
As the name suggests, this action forces applications to use Microsoft encryption when saving a file. To encrypt application files, do the following steps: From the Arellia Security Manager console, go to the Policies tab. Navigate to Policies / Arellia S
Page: Environment variable filter
The definition of an environment variable filter compares an environment variable of a process to a specified value. Most users will never create their own versions of Environment Variable Filters and will only use the two we have defined. Manual Applicat
Page: Environment variables
An application gets caught by a policy and this action sets an environment variable that the application can use. Any application it spawns would have that same environment variable, from there additional application filters and policies could be used to
Page: Event summary and acknowledgement
Event Summary and Acknowledgement enables you to do the following: Review recent Application Control events Acknowledge Application Control events Assign them to a policy To view the event summary, do the following steps: From the Arellia Security Manager
Page: Executable filter
Tests file specifications and/or details contained with the Version Information resourceExecutable Filters are powerful because they are built on "and" logic and not "or" logic, meaning that parameters for any type of executable can be filtered (excluded
Page: Execute Application Action
Executes another process and (optionally) wait on that process completion before the original process can execute. To Create Execute Application Action From Arellia Security Manager Console, go to the Policies tab. Navigate to Policies / Arellia Solutions

F

Page: File filters
File filters target the actual executable that is being run, with numerous sub types targeting different aspects of executables. Types of File Filters include: Application Compatibility Filters - These filters are used to detect administrative privileges
Page: File hash filters
There are three ways in Application Control Solution (ACS) for file hashes to be used as the program or process identification parameter: Reference System lists (see How to create a Whitelist from a Reference System) are hashes. Package Contents lists (se
Page: File Inventory Agent For Windows
File Inventory Agent For Windows See Default File Inventory Policy http://portal.arellia.com/wiki/display/ACS75DOC/Default+File+Inventory+Policy
Page: File inventory filters
A file inventory filter defines the applications (groups of files) that can be restricted by a file control policy, and the applications (groups of files) that can be restricted by an Application Control policy. There are five types of filters: Drive Typ
Page: File Inventory Reports
File Inventory Reports To locate these reports: Go to Arellia Security Manager and click on the Reports tab Select Reports > Arellia > File Inventory FI2.png The report categories installed are: Report Category Report Name Agent Information File Invento
Page: File owner filter
File owner filters target the security principal that is listed as the file owner on NTFS file systems. To edit a file owner filter, select multiple security principals. If any of the security principals match the file owner on the file being tested then
Page: File scanning policies
File scanning policies scan managed computers for application file types (Example: ITunes files within Windows directories) and reports back to the Notification Server. To create a file scanning policy, do the following steps: Once you are in Arellia sele

G

Page: Gauges
Gauges page Select from the following Gauge choices: Gauge Categories Configuration Product Monitor System Health Vulnerabilities Gauge Queries Computers Guest Account Enabled Percentage of Systems with Guest Account Enabled Windows Patch Compliance By Co
Page: Getting started
Prerequisites for getting started tasks You must install the following software before you can use Application Control Solution: Arellia Management Server. Application Control Solution 7.5. See Agent installation. Getting started tasks Imagine that you ar

H

Home page: Home
Application Control Solution 7.5 Product Documentation This is the product documentation for the current release of ACS. To find your way around, please use the left panel to browse the document tree or search. Or start at the beginning. If you are lookin
Page: How to determine if the policy is applying
Determining which policy is applying to a process is useful when trying to diagnose whether or not a policy is being applied correctly. Below are steps for the Arellia Management Server and Symantec Management Agent using Arellia 7.5 Application Control A

I

Page: Index
{index}{index}
Page: Installation, Configuration, and Agent Rollout
To correctly set up Application Control Solution (ACS), be sure to execute the following processes in order: Install ACS https://www.arellia.com/wiki/display/AMS/Install+Arellia+Products Configure ACS https://www.arellia.com/wiki/display/ACS75DOC/Config
Page: Installing Application Control Solution to the Arellia Management Server
Steps to install Arellia Application Control Solution on Arellia Management Server Complete the AMS Server Installation Navigate to http://localhost/AMS/Setup/ http://localhost/AMS/Setup/ Install Arellia Application Control Solution Install Arellia File I
Page: Installing the Application Control Agent
The Application Control Agent is software that you can install on your managed computers. The agent lets Application Control Solution run policies, manage applications, and run defined actions. You can install the agent from the policies in the Applicati
Page: Introduction to Application Control Solution (ACS)
Application-level security attack, such as file system corruption, registry corruption, spyware, and keylogging, pose a serious threat to mission critical business operations. Arellia Application Control Solution™ software helps you manage this risk by al
Page: Inventory filters
Inventory filters are evaluted at runtime and are used to apply Application Control policies for already discovered applications. Types of Inventory Filters include: File Parameter Collections - These filters use the inventory to create file scan results

J

K

L

Page: License reclamation
This application reclaims Application Control licenses from managed computers with no Application Control agents installed. To access this section, go to Arellia Security Manager and click on the Configuration tab Select Settings > Arellia > Application C

M

Page: Manifest filter
Manifest filters test whether the application vendor has included a security manifest with the application, and (optionally) whether specific rights rights required are specified. The Manifest Filter tests the following: whether the application vendor has
Page: Manual security rating
Manual Security Ratings are generally not used, but are included for backward compatibility with ACS 6.1. Typically combinations of Reference System whitelists, Package Contents whitelists and trust based Dynamic Filters are used instead of manual Securi
Page: Manual security rating filters
Manual security ratings are generally not used, but are included for backward compatibility with ACS 6.1. Typically combinations of reference system whitelists, package contents whitelists and trust based dynamic filters are used instead of manual securit
Page: Messages
Messages are the most common application action. There are two kinds of messages: Advanced and Basic. Advanced messages are the type that pop-up in the middle of the screen, requiring the user to justify access to a certain application or to warn the user

N

Page: Network location filter
Applies current network connectivity tests using Windows Network Location Awareness The network location filter works with Windows Network Location Awareness to filter based on current Network Connectivity. Standard network location filters Name Descripti
Page: No Required Input Advanced Message Action
No required input messages differ from the Advanced Feedback Message Actions because they do not require a justification to continue. The end-user only needs to acknowledge the displayed message. 1Coloredline.jpg This feature requires that the Microsoft .

O

P

Page: Policies, actions, and filters
Application Control Solution (ACS) Features & Functions This chapter covers the most common tasks when working with Application Control Solution. Creating Application Policies Creating application actions Creating application filters
Page: Policy priority management
Policy priority management allows for easy visualization and adjustment of ordering of Application Control policies. It is located in Application Control > Policy Priority Management. ppm1.PNG The Policy Priority Management tool also makes it easy for qui
Page: Prerequesites
Coloredline.jpg
Page: Prevent malicious applications from running
This scenario shows you how to prevent the end user from running cmd.exe. Scenario description In this scenario: The end user has run C:\windows\system32\cmd.exe at least once since the Application Control Agent was installed. File Inventory Agent has ret
Page: Prevent read and write to file types or network locations
Scenario description In this scenario, the end user has the following installed: Microsoft Word Microsoft Excel Scenario resolution On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc. Once you are
Page: Privilege elevation
Page: Privilege reduction
Page: Process rights
The process rights action folder contains the actions to remove or add administrator rights. Removing administrator rights is used for applications such as web browsers to increase their locked down state for both administrators and standard users. Adding
Page: Product Licenses
Product Licenses This page displays the currently installed product licenses and allows you to add additional licenses. To access this page: Once you are in Arellia select the Home tab Select View/Install Licenses from the Actions window licenses1.PNG Alt

Q

Page: Quarantine files
This scenario shows you how to quarantine a known malicious application. Scenario description Copy and rename cmd.exe: "C:\Virus\malicious application.exe". Scenario resolution On the managed computer, create the Microsoft Word document C:\document\import

R

Page: Randomize Currently Disclosed Passwords
Coloredline.jpg Automation policies not implemented. Under construction.
Page: Randomize Password (Using Policy Tab)
Coloredline.jpg Not implemented yet. Under construction.
Page: Randomize Password (Using Task Tab)
Coloredline.jpg Under construction...Dividing into shorter tasks... Randomize Administrator Password Task From the Tasks tab, select the Local Security folder / Randomize Administrator Password. Right-click and select Run to run this task on multiple mac
Page: Report Queries
Report Queries Page rq1.PNG
Page: Resource Discovery
Resource Discovery Page See Resource Discovery Agents http://portal.arellia.com/wiki/display/ACS75DOC/Resource+Discovery+Agents Server Discoverers http://portal.arellia.com/wiki/display/ACS75DOC/Server+Discoverers Resource Discovery Update http://portal.
Page: Resource Discovery Agent Configuration
Default Resource Discovery Agent Policy The Default Resource Discovery Agent Policy determines the frequency of scanning files for their resource information. Files are inventoried separately at run time or via the file inventory policy. For performance o
Page: Resource Discovery Agents
Resource Discovery Agents page This policy controls how often the File Inventory Agent inventories managed computers and reports back to the Notification Server. To access the Resource Discovery Agents: Once you are in Arellia select the Configuration tab
Page: Resource Discovery Update
Resource Discovery Update The Resource Discovery Update page lets you configure the schedule for calculating what Notification Server Resources need additional client or server side discovery. The task enumerates all server and client side Resource Discov
Page: Resource Purging
Resource Purging The Resource Purging policy lets you perform a periodic database cleanup and remove any file and digital certificate resources that are no longer associated with any computers. By default, the schedule runs daily. To access and enable thi
Page: Restrict an application's process rights
This scenario describes the process involved in restricting an application's process rights. This sample scenario guides you through the necessary steps, using the default Limit Internet Explorer and Outlook process rights policy. Scenario description In
Page: Review All Password Disclosures
Coloredline.jpg
Page: Review Any Local User in Administrators Group
Coloredline.jpg
Page: Review Domain Users in Administrators Group
Coloredline.jpg
Page: Review Events
Coloredline.jpg
Page: Review Local User Summary
Coloredline.jpg
Page: Review Local Users in Administrators Group
Coloredline.jpg
Page: Review Password Disclosures
Coloredline.jpg
Page: Review User-Based Services
Coloredline.jpg
Page: Reviewing Application inventory
After the Application Control Agent has been installed, the solution performs an application inventory. This inventory is gathered by the Default File Inventory Policy and the Default File Discovery Policy. You might want to view a summary of all of the W
Page: Run an application in a Symantec Workspace Virtualization (SWV) layer
This scenario shows you how to capture application data in a Symantec Workspace Virtualization (SWV) layer. Scenario description In this scenario, the end user has the following installed: Microsoft Word Scenario resolution On the managed computer, create
Page: Run Automation Policy
Coloredline.jpg

S

Page: Secondary file filters
Secondary file filters are complicated to set up, but well worth it, if you understand how they work. This topic will attempt to explain how they work and give you a working example of how they can be used. MSI file example If you want to elevate msi file
Page: Self-elevation
User self-elevation occurs when mobile, remote, or power users need to run software that is usually run by Administrators only. Risks can occur when users are allowed to self-elevate and the option to allow self-elevation should be weighed carefully. The
Page: Self-elevation without adding Administrator rights
Using the default self-elevation, applications are launched with administrator rights after a justification is given. The following steps will allow a user to request elevation, but not add administrator rights to the application. Right-click Justify Appl
Page: Server Discoverers
Server Discoverers To access the Server Discoverers page: Once you are in Arellia select the Configuration tab Select Arellia > Infrastructure > Resource Discovery > Server Discoverers sd1.PNG Select from the following Server Discoverer choices: Common Co
Page: Signed application filters
These filters can be used in several of the following ways: A target for ACS policies A parameter to prevent spoofing Signed application filters use certificates as a parameter. They can use one or many certificates in a single signed application filter.
Page: Standard Windows 7 users install ActiveX
Issue In Windows Vista/7 standard users are unable to install ActiveX plug-ins. For Windows XP Users, Arellia offers the following solution http://portal.arellia.com/wiki/display/KB/Controlling ActiveX objects http://portal.arellia.com/wiki/display/KB/Con

T

Page: Table of Contents
Home
Page: Time of day filters
Time of Day Filters do exactly as the name suggests. For example, you can allow iTunes to run when it's not business hours by excluding normal business hours (9am to 5pm) on an Application Control Policy that targets iTunes (TM).
Page: Tracking policies
To track all policies enforced by Application Control Solution, run the Application Actions by Computers report. From the Arellia Security Management Console select the Reports tab. Navigate to Arellia / Application Control / Application Control Policy E
Page: TreeNavigation
Page: Troubleshooting

U

Page: User context filters
These filters take the following as parameters: Well-known users Built-in accounts Well-known groups Domain users A single user or group or numerous combinations of users/groups/well-knowns allow User Context Filters to limit the scope of Application Cont

V

W

Page: Whitelisting
Coloredline.jpg
Page: Whitelisting reference systems in Arellia Management Server (AMS)
In this scenario you will create a reference system whitelist policy that targets a collection of computers, searches for Windows executables, then adds any Windows executables not currently in a security catalog to a whitelist. You will also add applicat
Page: Whitelisting software packages
This scenario takes you through the process of creating an application control policy to inventory software delivery packages and add them to a whitelist, marking them as safe to be used in your environment. Once the policy has been created, inventorying

X

Y

Z

!@#$

  • No labels