0 Replies Latest reply on Oct 25, 2016 8:36 AM by sivansigal

    Various questions - Application Control (Solidcore) and more

    sivansigal

      Hello

       

      I have a couple of questions concerning Application Control (Solidcore).

      The version we use in my organization is 6.1.3.

      My questions are as following:

      1. Using the regular HIPS rules, I could only see which applications were used on a specific system, for example - I could only know that POWERSHELL.EXE was used, but I can't see what happened within the process (which scripts the user was running using that process and so on).
        My question is - is there a way to receive this information? Parhaps with Application Control logs, if using the right configuration?
      2. Is it possible to somehow review commands & pieces of code that were used upon a Powershell ISE process?
      3. Not necessarily regarding Application Control - is it possible to somehow monitor the behavior of Human Interface Devices (HIDs)?
        For example - monitor whether there are more than X keyboard types per second etc.

      Thanks in advance!!