Issue:
- How to create an Application control rule in WithSecure Policy Manager Console which blocks an application?
- What 'condition' should be used for example to block Microsoft Office using Application Control?
Resolution:
The WithSecure Application Control feature is included in WithSecure Client Security 15 Premium and newer versions.
Follow the example below to block Microsoft Office using Application Control for Business Suite
- Log in to Policy Manager Console
- Select a Policy domain or host from from the Domain Tree
- Go to the Settings tab
- Go to Application control
- Click 'Add Rule'
- Conditions:
- Event : Run Application
- Action : Block
- Target product name : Contains Microsoft Office
For Elements,
Login to Elements Security Center / Elements Portal
- Under Profiles select a profile.
- From the menu on the left, select Application control.
- Depending on what kind of rule you want to add, select either Add a new top rule or Add a new rule.
- Enter a name for the rule.
- From the Event drop-down menu, select the event that triggers the rule.
- From the Action drop-down menu, select Allow, Block, or Allow and monitor.
- Enter a description for the rule.
- Do the following to add one or more conditions that activate the new rule:
- Select Add condition.
- From the attribute drop-down menu, select an attribute.
- From the condition drop-down menu, select a condition for the attribute.
- Enter a value for the condition.
Full steps can be referred at https://www.withsecure.com/userguides/product.html#business/psb-portal/latest/en/task_D5DDA11EBAE543F0977322A363DE879D-psb-portal-latest-en
Article no: 000017426