Application Control Events
Receiving Statistics Configuration

To activate sending the information on Application Control events from the stations

1. In the Anti-virus network section, in the network tree, select the stations and station groups with Application Control installed from which you want to receive information on application launches.
2. In the control menu, select Windows → Dr.Web Agent.
3. On the General tab, set the Track Application Control events flag to track the process activity that Application Control detects at stations and to send the events to Dr.Web Server. If there is no connection with Dr.Web Server, events are collected and sent once the connection is established. If the flag is cleared, process activity is ignored.
4. Click Save.

To activate collecting the information on Application Control events at Dr.Web Server

1. In the Administration → Dr.Web Server configuration section, go to the Statistics tab.
2. Set one of the following options:
   • Application Control statistics on processes activity: receive and write information on any activity of all processes, whether allowed or prohibited to launch by Application Control. Setting this option enables registration of applications in the catalog, as long as at least one profile is created and assigned, with one or several categories of functional analysis criteria selected.
   • Application Control statistics on processes blocking: receive and write information on the activity of all processes prohibited to launch by Application Control. With this option, applications are written to the catalog only after you create profiles whose settings block application launch and assign these profiles to stations of the anti-virus network.
3. Click Save.
4. Restart Dr.Web Server.
5. After restarting, Dr.Web Server starts collecting statistics on application launches received from all stations with Application Control installed.

Viewing Statistics

To view events detected on stations by the Application Control component

1. In the hierarchical list, select a station or a group.
2. In the control menu, select the Application Control events item from the Statistics section.
3. A window opens with the list of applications that were prohibited or allowed to run at the selected stations.
4. The statistics for the last 24 hours are displayed by default. To view the data for a certain time period, specify the period relative to today in the drop-down list, or select an arbitrary date range on the toolbar. To select an arbitrary date range, enter the required dates or click the calendar icons next to the date fields. To load data, click Refresh. The tables with statistics will be loaded. The table below contains the description of the table columns.

   Description of the columns in the Application Control Events table

5. To save the table for printing or future processing, click one of the following buttons:

Creating Rules

To create a new rule based on the Application Control event statistics

1. In the Statistics → Application Control events section, select the row with the event of an attempt to launch the application for which you want to create a launch control rule.
2. Clicking the table row opens a window with information on the selected event.
3. Click Create rule.
4. The window for creating a new rule opens. Specify the following settings:
   a) In the Profile name drop-down list, select the Application Control profile for which the rule will be created.
   b) In the Rule name field, specify the name of the rule being created.
   c) For the Rule type option, select the type of the rule being created: deny or allow.
   d) For the Operation mode option, select the operation mode of the rule being created (corresponds to the Switch rule to test mode flag at rule creation in a profile):
   e) In the Prohibit the launch of applications on the following criteria/Allow the launch of applications on the following criteria section (depending on the rule type selected in step 4c), the fields are filled in automatically according to the application on which the rule is based. If necessary, you can edit the settings.
5. Click Save. The rule will be created in the specified Application Control profile.