4 Replies Latest reply on Feb 12, 2012 4:35 PM by DC-SG

    Best approach to create a blacklist

    aacordoba

      Hi Everyone,

       

      I'm working with a customer that wants to create a "basic" blacklist of applications in order to add them as banned applications and block them from AC if the user already has these applications installed.

       

      What is the best approach to do this?

       

      I know that if I run an Inventory Task I can get all the information of the computer, but for now I only have a list of applications; the client gave us this list based on past inventories from SCCM.

      Now we want to block these apps. How can we do this?

      Thanks in advance

      Regards

        • 1. Re: Best approach to create a blacklist
          eltonito

          If you were manually adding just a few dozen executables, I'd suggest simply adding them to the relevant Application Control policy under the binaries tab.

           

          If you want to automate it using a list, you could convert/import the list into an xml you can then import into a new Application Control rule group.  Then you'd just need to apply that rule group to your relevant Application Control policy.  If you need the format for the xml, you can export an existing rule group to use for a template.

           

          -T.

          • 2. Re: Best approach to create a blacklist
            aacordoba

            Hi,

             

            Thanks eltonito,

             

            My question is more related to what the best way to do this is. What I did was create a virtual machine and install all the applications in the blacklist, and then I ran an inventory and got the .exe files and the hash files from all the applications and added them to the policy.

             

            Thanks,

            • 3. Re: Best approach to create a blacklist

              There is no thumb rule for how to create a blacklist, but the initial starting point should be provided by the client himself. They know their environment well and they should come up with an initial list of un-trusted applications they saw in the past and want to block.

               

              The other way is to take a sample of systems - run inventory task - run a query to see - what kind of applications are installed and prepare a list of trusted and un-trusted.

               

              Remember - even though most of the time the hashes are the same, there might be situations where the hashes for the same "executable" are different. But that's a good way to start...

               

              - AB
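
              The inventory-based approach and the hash caveat from the reply above, as an added example that is not part of the thread and is not vendor code: it matches a customer's list of unwanted executables against an inventory export and reports which names have more than one hash and which were never seen. The CSV layout, file names and hash values are constructed for illustration and are assumptions, not the product's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: inventory export (host, file name, SHA-1); not real data.
INVENTORY_CSV = """host,file_name,sha1
PC-01,utorrent.exe,1111111111111111111111111111111111111111
PC-02,uTorrent.exe,2222222222222222222222222222222222222222
PC-02,teamviewer.exe,3333333333333333333333333333333333333333
PC-03,teamviewer.exe,3333333333333333333333333333333333333333
PC-03,winword.exe,4444444444444444444444444444444444444444
"""

# Constructed sample: the customer's list of unwanted executables.
UNWANTED = ["utorrent.exe", "teamviewer.exe", "limewire.exe"]


def build_blacklist(inventory_csv, unwanted):
    """Map each unwanted executable name to every hash seen for it."""
    wanted = {name.lower() for name in unwanted}
    hashes = defaultdict(set)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Windows file names are case-insensitive, so compare in lower case.
        name = row["file_name"].strip().lower()
        if name in wanted:
            hashes[name].add(row["sha1"].strip().lower())
    return {name: sorted(hashes.get(name, ())) for name in sorted(wanted)}


def review(blacklist):
    """Pick out the entries that need a human decision before import."""
    return {
        # Same executable name, different builds: every hash must be banned.
        "multiple_hashes": [n for n, h in blacklist.items() if len(h) > 1],
        # On the customer's list but absent from the sampled systems:
        # there is no hash to ban yet.
        "never_seen": [n for n, h in blacklist.items() if not h],
    }


if __name__ == "__main__":
    blacklist = build_blacklist(INVENTORY_CSV, UNWANTED)
    for name, found in blacklist.items():
        print(name, found)
    print(review(blacklist))
```

              Entries reported under `never_seen` are the ones where a reference install, as described in reply 2, is still needed to obtain a hash.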

              • 4. Re: Best approach to create a blacklist
                DC-SG

                Hi eltonito,

                 

                You wrote"  ++++++++++++++

                If you were manually adding just a few dozen executables, I'd suggest simply adding them to the relevant Application Control policy under the binaries tab.

                 

                If you want to automate it using a list, you could convert/import the list into an xml you can then import into a new Application Control rule group.  Then you'd just need to apply that rule group to your relevant Application Control policy.  If you need the format for the xml, you can export an existing rule group to use for a template. ++++++++++++++

                 

                It looks like your answer might help my situation, in which I need to write 100s of rules for Application Blocking Exceptions as a White List (instead of a Black List here).  I have 100s of executables for the rules.

                 

                I would appreciate if you could show me how to "automate using the list... and convert/import the list into xml..."

                 

                Thank you in advance.

                 

                DC-SG