Identifying valid processes, especially for the implementation of Application Control, is surely a huge pain in the A**!!
This would be a lot easier if your company has implemented Active Directory and absolutely standardized all used applications (unlike ours).
You will have to perform a lot of tests, especially if you will do the whitelisting, like considering process dependencies and so on...
If you don't, you may find yourself bombarded with calls from your software deployment team (because they cannot push apps anymore), or from your development team (because they cannot run their homegrown apps anymore), or from several VIPs who cannot sync their super expensive phones onto their laptops.
Before implementing it with your pilot users, I suggest creating a "lab" first with at least 3-5 workstations (preferably on different platforms) simulating your current infrastructure. Also create a simulation of your current servers with application control, where you will "test" all your policies and see from there any applications or processes that aren't supposed to be blocked. With all the data you will gather from the "lab" test, that is the time when you could deploy it to pilot users in production.
Great answer, darkshyre.
Yes, I ran this solution on test computers in a lab and now I'm testing with production users (pilot).
And this event, I only see it for one particular user.
I think that I need to review this process in a more specific way. What I don't want to do is create a lot of policies and a lot of updaters and allowed binaries, because at the end of the day this solution will be doing nothing because everything is excluded.
I think that a lot of this work is about common sense and seeing if the updater is really necessary or not.
Thanks for your time,