How to block application and allow only 10-15 Application

We have configured a whitelist of 10-15 applications in our policy and applied it on a few test systems. But when enabled mode is checked, it allows all the applications to run that are already preinstalled.

I have the below queries:

1. Can we block all preinstalled apps and allow only selected applications to execute?

2. Also, can we place enable mode directly after fine tuning of the policy is done?

3. Does the policy take effect after the system is solidified, or does it also work without that?

1 Reply

Re: How to block application and allow only 10-15 Application

Hi @prasunthapa,

In Application Control, the whitelist is a "dynamic whitelist". It means you don't create the whitelist; it is created automatically when you deploy Application Control to your systems. After that, you can create a blacklist of applications that are not allowed. The workflow is as follows:

  1. Deploy Solidcore and solidify the system.
  2. The whitelist is created automatically during solidification. All applications installed in the system during solidification are whitelisted. A whitelist is created PER SYSTEM; there isn't a global whitelist.
  3. In Enabled mode, only whitelisted applications can make changes in systems; any other will be blocked.
  4. In Observe mode, applications that are not whitelisted are allowed to make changes in the system and a request is created in the "Policy discovery" page. There you can allow the change (the application will be "whitelisted") or deny it. You have several options to do that.
  5. If you want to block applications, you have to ban them one by one from the inventory page of the system.

Regarding your third question, the solidifying process starts automatically after enabling Application Control (not putting it in Enabled mode; there is a subtle difference). When the solidification process finishes, the Default policy for Application Control is applied (or a custom policy if you assigned it to the system). Then you can put your system in "Observe mode" or in "Enabled mode". I recommend you put it in "Observe mode" and approve or deny requests in the "Policy discovery" page. After a period (days or even months), when there are almost no requests in the "Policy discovery" page, you can put the system in "Enabled mode".

You can read the best practices document for detailed information:

https://kc.mcafee.com/agent/index?page=content&id=PD26726&actp=null&viewlocale=en_US&showDraft=false...

Regards

David Igualada
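
The behaviour described in the reply above, as an added example that is not part of the original thread and is not McAfee code: a simplified Python model of one endpoint, showing why preinstalled applications keep running in Enabled mode until they are banned. The `Endpoint` class, its methods and the sample executable names are hypothetical, and the precedence of a ban over the whitelist is an assumption drawn from step 5.

```python
# Simplified model of the workflow described in the reply above.
# Class and method names are hypothetical; this is not Solidcore code.
from dataclasses import dataclass, field

@dataclass
class Endpoint:
    installed: set                      # executables present at solidification time
    mode: str = "observe"               # "observe" or "enabled"
    whitelist: set = field(default_factory=set)
    banned: set = field(default_factory=set)
    discovery_requests: list = field(default_factory=list)

    def solidify(self):
        # Step 2: everything installed at this moment is whitelisted, per system.
        self.whitelist = set(self.installed)

    def ban(self, app):
        # Step 5: blocking a whitelisted app is an explicit, per-app action.
        self.banned.add(app)

    def approve(self, app):
        # Step 4: an approved Policy Discovery request whitelists the app.
        self.discovery_requests.remove(app)
        self.whitelist.add(app)

    def run(self, app):
        if app in self.banned:          # assumption: a ban overrides the whitelist
            return "blocked"
        if app in self.whitelist:
            return "allowed"
        if self.mode == "observe":      # step 4: allowed, but logged for review
            if app not in self.discovery_requests:
                self.discovery_requests.append(app)
            return "allowed"
        return "blocked"                # step 3: enabled mode blocks the rest

def demo():
    # Constructed sample inventory: two preinstalled apps, one installed later.
    pc = Endpoint(installed={"office.exe", "game.exe"})
    pc.solidify()
    results = {"observe_new": pc.run("newtool.exe")}
    pc.approve("newtool.exe")
    pc.ban("game.exe")
    pc.mode = "enabled"
    for app in ("office.exe", "game.exe", "newtool.exe", "unknown.exe"):
        results[app] = pc.run(app)
    return results

if __name__ == "__main__":
    print(demo())
```

In this model, restricting a system to 10-15 applications means either solidifying a clean image that contains only those applications or banning every other inventory entry individually.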