This is the solution design of MAC to prevent installations and modifications or the execution of unknown PEs.
One of the most important things when using MAC is to know or define how systems should be updated in the future. If not, or if any user should be able to install software, MAC makes no sense.
Are you familiar with the difference between binaries, updaters and installers?
- If you want to add binaries to the whitelist (this means a file is allowed to be executed), you can do this using the policy. Just add the necessary binaries to the policy in EPO, and afterwards the whitelist on any endpoint is updated. Important: the executable is allowed to be executed, but it is not allowed to install software, e.g. a setup.exe for a specific software.
- To update the system you have to configure trusted updaters. These updaters are allowed to modify the system. Common updaters could be Firefox updates, Chrome updates, Windows Update and so on.
From my point of view, or from my experience, take some time to read the Best Practices Guides and take a look at how Application Control works. Take a look at your internal processes.
Hope this helps,
But my problem is: how can I update the whitelist? Whenever I need to install some applications from the internet on my system, it allows me to install them, but when I want to execute them it does not allow me. Then I execute sc: disable, and after that I can execute it. But when I execute sc: begin update and sc: end update and then go back to sc:enable, it does not allow me to execute it again. Did I do the update process right?