Blocking of Application

ravi12

Hi to all

 

We have deny the some application through policy manger console  in the application control  Rule for known application and set as Deny (in setting Standard mode )for example Wireshark etc.

 

But  Clients are able to install the application and can run the application.

 

Kindly give advice how to block application so that user in client machine can not install the such application and can't run it.

 

It will helps us to restrict the unwanted application run on the network

MJ-perComp

Hi,

application control is not designed to inhibit installation of an application. It is to control it's communication to the network.

 

So if you do not want a user to install an application, why grant him the right to do so? That should be limited by Windows, i.e. Split between user and admin role.

 

Furthermore: application control adds a specific HASH to the table. If the binary matches this HASH it will be blocked. This helps to avoid users just to rename the application and then run it.
BUT: If there is an update of the same Application it will not be blocked anymore, because that has a different HASH.

 

A possible way is to DENY any unknown application and then whiteliste those that you allow. But you need to keep track of updates and add new versions to the list. As a sideeffect this helps alot to keep a clean an homogenous versioning.

(Just want to mention that this is somewhat clumpsy and under review by FS already)