Fairly new to Application control so forgive me if I am missing something, but I have installed App Control 188.8.131.52 on an Endpoint and Solidified. It's running in Observe mode and has rebooted several times. I create a new script and execute it and nothing is displayed locally or in the Policy Discovery. If I set the Endpoint to Enabled Mode and re-run the script, the script is blocked and the event is sent to Policy Discovery.
Ah thanks, I see, so for a file that would Deny Exec in Observe mode it's just added to the Local WhiteList and no observation is registered.
So what if I am trying to create a baseline policy using a "known good" endpoint and want to make sure all files executed are added to ePO policy and not just the local whitelist? Or the reverse, I want to see what files are running in Observe mode so I can block certain scripts that should not be in use?
I am also struggling to find enough information on Script Interpreters. For example, I want to assign an AD group to PowerShell so that anyone in the group can execute custom PowerShell scripts, but I can't see how to do this.