
Blocking of Application

Aspirant


Hi to all

We have denied some applications through the Policy Manager Console in the application control rule for known applications, set as Deny (in Standard mode setting), for example Wireshark etc.

But clients are able to install the applications and can run them.

Kindly advise how to block applications so that users on client machines cannot install such applications and cannot run them.

It will help us to restrict unwanted applications from running on the network.

1 ACCEPTED SOLUTION
Superuser

Re: Blocking of Application

Hi,

Application control is not designed to inhibit installation of an application. It is to control its communication to the network.

So if you do not want a user to install an application, why grant him the right to do so? That should be limited by Windows, i.e. split between user and admin role.

Furthermore: application control adds a specific HASH to the table. If the binary matches this HASH it will be blocked. This helps to prevent users from just renaming the application and then running it.
BUT: If there is an update of the same application it will not be blocked anymore, because that has a different HASH.

A possible way is to DENY any unknown application and then whitelist those that you allow. But you need to keep track of updates and add new versions to the list. As a side effect this helps a lot to keep a clean and homogeneous versioning.

(Just want to mention that this is somewhat clumsy and under review by FS already)

Matthias
----------
perComp has been a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntary and to my best knowledge based on working with the products since 1997. For direct contact, customers please check our homepage http://www.percomp.de
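
The hash matching described in the accepted answer, as an added example that is not part of the original posts and is not F-Secure's code: it compares a deny-by-hash rule with the "deny unknown, allow listed" approach on a renamed copy and on updated builds. SHA-256, the file names and the file contents are constructed assumptions; the thread does not say which hash the product uses.

```python
import hashlib
import tempfile
from pathlib import Path


def file_hash(path):
    """Hash the file content only; the file name plays no part."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def decide(path, known, default):
    """known maps content hash -> verdict; unknown hashes get `default`."""
    return known.get(file_hash(path), default)


def demo():
    # Constructed stand-ins for real binaries (names and bytes are made up).
    samples = {
        "sniffer.exe": b"MZ constructed sniffer build 1.0",
        "renamed.exe": b"MZ constructed sniffer build 1.0",  # same bytes, new name
        "sniffer_1.1.exe": b"MZ constructed sniffer build 1.1",  # vendor update
        "office.exe": b"MZ constructed office build 7.0",
        "office_7.1.exe": b"MZ constructed office build 7.1",  # vendor update
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in samples.items():
            paths[name] = Path(tmp) / name
            paths[name].write_bytes(data)

        # Policy A: unknown applications allowed, one hash denied.
        deny_list = {file_hash(paths["sniffer.exe"]): "deny"}
        policy_a = {n: decide(p, deny_list, "allow") for n, p in paths.items()}

        # Policy B: unknown applications denied, approved hashes allowed.
        allow_list = {file_hash(paths["office.exe"]): "allow"}
        policy_b = {n: decide(p, allow_list, "deny") for n, p in paths.items()}
    return policy_a, policy_b


if __name__ == "__main__":
    for label, result in zip(("deny-list", "allow-list"), demo()):
        print(label, result)
```

Under policy A the renamed copy is still denied but the 1.1 build is allowed; under policy B every unlisted build is denied, including the approved application's own update until its new hash is added to the list.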
