How can I block access to a particular file using Application Control?

This discussion has a more recent version.
Customer_CareCustomer_Care Posts: 548 F-Secure Employee

Issue:

  • Is there a way to block users from accessing or running a specific file with Business Suite products such as F-Secure Client Security and Server Security?
  • Can you for example block C:\Temp\temp.do or even the F-Secure Uninstallation Tool?

Resolution:

Email and Server Security 14.00 introduces the 'File access' event type to the Application control feature. This lifts the Application control feature to the next level - from controlling events like starting processes, loading DLLs and running installers to blocking access to any file.

Note: The 'File access' event type is not currently supported by F-Secure Client Security 14.10 and Server Security 14.00. The next versions of these products will add this feature.

With the help of F-Secure Application Control file access rules, the admin can block the distribution and execution of a certain file in their environment.

When creating the rule, providing only a file hash as a rule condition is enough but may result in performance degradation, because of the need to calculate new digests, especially for big files. To optimize rule performance it is recommended to supply a file size as an extra condition for file access rules.

  1. Log in to Policy Manager Console
  2. Select the host or domain from the Domain Tree
  3. Go to the Settings tab
  4. Go to the Application control page
  5. Click Clone to create a custom profile which can be edited
  6. Set the newly created profile as the Host profile 
  7. Click Add rule
  8. Set Event as File access 
  9. Set Action as Block 
  10. Add condition: Target SHA1 - Equals - <file SHA1>
  11. Add condition: Target size - Equals - <file size>
  12. Click OK to save the rule
  13. Distribute the policy (Ctrl + D)
Note: To be able to add the target size condition, you need to have F-Secure Policy Manager 14.30

This screenshot shows an example how to configure this in Policy Manager Console. This blocks users from launching a "bad" PDF file containing an exploit.
Application control supports blocking access to files

Article no: 000001830

Sign In or Register to comment.