Issue:
- Is there a way to block users from accessing or running a specific file with Business Suite products such as Client Security and Server Security?
- Can you, for example, block C:\Temp\temp.do or even the WithSecure Uninstallation Tool?
Resolution:
With the help of Application Control file access rules, the admin can block the distribution and execution of a certain file in their environment.
When creating the rule, a file hash alone is sufficient as a rule condition, but it may degrade performance because new digests have to be calculated, especially for big files. To optimize rule performance, it is recommended to supply the file size as an extra condition for file access rules.
- Log in to Policy Manager Console
- Select the host or domain from the Domain Tree
- Go to the Settings tab
- Go to the Application control page
- Click Clone to create a custom profile which can be edited
- Set the newly created profile as the Host profile
- Click Add rule
- Set Event as File access
- Set Action as Block
- Add condition: Target SHA1 - Equals - <file SHA1>
- Add condition: Target size - Equals - <file size>
- Click OK to save the rule
- Distribute the policy (Ctrl + D)
Note: To be able to add the target size condition, you need to have F-Secure Policy Manager 14.30.
The screenshot shows an example of how to configure this in Policy Manager Console. The rule blocks users from launching a "bad" PDF file containing an exploit.
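The following added example (not WithSecure code) shows how to obtain the `<file SHA1>` and `<file size>` values for the two rule conditions, and why the size condition reduces digest calculations. The names `rule_conditions` and `FileAccessRule` are hypothetical, the sample files are constructed, and evaluating the size before the hash is an assumed, simplified model of the rule matching.

```python
import hashlib
import os
import tempfile

def rule_conditions(path, chunk_size=1024 * 1024):
    """Return (sha1_hex, size_bytes) for a file, reading it in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest(), os.path.getsize(path)

class FileAccessRule:
    """Simplified model of a block rule: Target SHA1 plus optional Target size."""
    def __init__(self, sha1, size=None):
        self.sha1 = sha1.lower()
        self.size = size
        self.digests_computed = 0  # how many files had to be read and hashed

    def blocks(self, path):
        # Assumption: size is compared first, since it needs no file read.
        if self.size is not None and os.path.getsize(path) != self.size:
            return False
        self.digests_computed += 1
        return rule_conditions(path)[0] == self.sha1

def demo():
    """Compare a hash-only rule with a hash+size rule on constructed files."""
    samples = {  # constructed sample content, not real documents
        "bad.pdf": b"%PDF-constructed-sample" * 10,
        "report.pdf": b"%PDF-benign" * 5000,
        "setup.bin": b"\x00" * 200000,
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            paths.append(path)
        sha1, size = rule_conditions(paths[0])  # values for the rule conditions
        hash_only = FileAccessRule(sha1)
        hash_and_size = FileAccessRule(sha1, size)
        blocked = [os.path.basename(p) for p in paths if hash_and_size.blocks(p)]
        for p in paths:
            hash_only.blocks(p)
        return blocked, hash_only.digests_computed, hash_and_size.digests_computed

if __name__ == "__main__":
    print(demo())
```

In this model both rules block the same file, but the hash-only rule hashes every file accessed while the rule with the size condition hashes only files whose size already matches.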
Article no: 000001830