Using the Application Control component, you can adjust which applications, modules, script interpreters, drivers and MSI packages to allow and which ones to prohibit launching on protected stations on the anti-virus network on which Dr.Web Agent for Windows is installed.
Schemes of Application Control operation is given below.
Basic tools of the Application Control:
•Profiles—the list of rules that determine which of the applications on the stations can be started and which are prohibited. Profiles are created by the administrator and are assigned to policies, stations and users, as well as groups of stations or users. Profiles define the operation mode on the Application Control.
Profiles are configured in the network tree of the Anti-virus network section.
•Application lists:
▫Trusted applications—the list of applications that is made according to the specified rules and is collected from the selected stations by decision of the administrator. When operating in the allow mode, running these applications will always be allowed. Specific groups of trusted applications are selected in the settings for each profile individually.
▫Application catalog—the list of all applications installed on protected stations. The catalog is collected automatically in the background mode and cannot be changed by the administrator.
Application lists are configured in the Administration section.
•Application Control Events—information on events detected on stations by the Application Control component.
Application Control events are displayed in the Anti-virus network → Statistic section.
Basic operation modes of the Application Control:
•Functional analysis—the set of predefined rules by which applications are allowed or prohibited to be launched in accordance with the functions performed.
•Allow mode—means that on all monitored stations, only applications from the Trusted applications list and applications that comply with the allow rules are allowed to run. All other applications are blocked.
•Deny mode—means that on all monitored stations, only applications that comply with the deny rules are prohibited to run. All other applications are allowed.
|
Allow and deny modes can be enabled or disabled both together and separately. Functional analysis must be always enabled. If all policies are disabled, applications launch is not controlled. |
To configure Application Control
2.Assign stations, users, and groups to use the settings of created profile.
3.Configure the profile settings.
|
It is recommended to configure profiles operation in the test mode. |