If an application is denied by FSPM server by making rule in application control that no body can use that application or software ,
if any body tries to use that denied application then where we can get the details of that particular user\host FSPM server.
And an alert will reflect under alert tab in FSPM server or not ?
you first need to understand how (current) Application Control is working:
AC is adding dynamic rules to the Firewall to allow/deny the traffic. So only if that application causes IP-Traffic something is blocked. The simple start/use of an application is not controlled at all (yet).
As of this implementation you would not like to get a PM-alert for each IP-packet violating the FW-rules, which could be a huge amount. Instead the the firewall logs to local action.log, which enables an administrator to check locally if/why an application is blocked by F-Secure-Firewall.
But what are you trying to do? You seem to have an idea of AC that is not covered by the design...1 1Like