The process of creating a list of applications and allowing only those to run is called as application whitelisting. Application Control Plus enables whitelist creation on the basis of policies like vendor, product name, file hash and executables with valid digital signatures. IT admins can easily manage the lists created as applications will automatically get added to them, as and when they are discovered, if they comply with the policies set.
Here are the best practices to be followed while creating application whitelists.
The process of creating a list of applications and prohibiting only those from running is called as application blacklisting. Application Control Plus enables blacklist creation on the basis of policies like vendor, product name, file hash and executables with valid digital signatures. IT admins can easily manage the lists created as applications will automatically get added to them, as and when they are discovered, if they comply with the policies set.
Greylisted applications are those that exist in a network without being a part of any of the whitelists or blacklists created. This essentially means that these applications are unmonitored, as they have no policies associated to them. They will run based on the mode of flexibility chosen, i.e they will run when in audit mode and will be prohibited in strict mode. Please note that it is ideal to minimize the number of greylisted applications to ensure maximum security.Learn more.
All the applications that are clustered together to build either a whitelist or a blacklist, will be considered as an application group. These groups will be automatically built based on the rules you set for each of them.
Users who require similar groups of applications can be clustered together to form Custom Groups. This grouping process can be based on roles, departments or any other criteria of your preference.
Any of the Windows computers in your network with the requirements mentioned here can be hosted as your Central server.
Application Control Plus offers same pricing plan for workstations and servers, with one free and one enterprise edition. For more details on the pricing, refer to our online store.
Application control requirements and approaches vary from enterprise to enterprise. Refer Application Control Best Practices to understand the recommended routine.
Refer Application whitelisting vs blacklisting to understand which is better.
The two flexibility modes available are audit mode and strict mode. It is recommended to initially deploy policies in the audit mode, where greylisted applications will be allowed to run along with the whitelisted ones. Once the admin has a clear picture of the applications their users actually require, they can move all of them to a whitelist and shift to the strict mode. In the strict mode none of the greylisted applications will be allowed to run. Note: By default blacklisted applications will not run in any of the modes.
This rule can be chosen when the application control requirements of the enterprise is not that stringent. All software vendors with valid certificates will be displayed to the admin. From this, only applications that belong to the vendors the admin chooses will be added to the whitelist/blacklist. This lets admins create lists based on broad parameters, hence minimizing admin queries based on inability to access essential applications.
If you want to whitelist/blacklist only certain products from the same vendor, this type of policy can be opted for instead of the vendor rule.
Applications are made of multiple executable files, with vendors assigning a digital certificate to each executable to vouch for its authenticity. Application Control Plus displays these verified executable files to you, from which you can select the EXE files to be whitelisted/blaclisted. This policy is critical when it comes to maintaining a secure network, as a file will not be allowed to execute if its digital certificate has been tampered with. Even EXEs added to applications in the form of updates will not be allowed to run if they aren't whitelisted.
This is the most secure policy, as it's based on the hash value of the executable file. All EXEs of the running processes, including those that don't have a valid digital certificate, will be displayed. You can choose all the files that you wish to whitelist/blacklist; after that, even the smallest change to the file, such as a revision of the file's version, will change its hash value, meaning the file will be removed from the list. This policy is perfect if you want to run only extremely specific executables.
In case you want to add an application which hasn't been run yet to a whitelist/blacklist, you can opt to manually add the files.
Endpoint Privilege Management is the process of allocating application-specific privileged access to users based on their requirements. You can easily adopt the principle of least privilege through out your network, without it affecting your productivity using this feature. It enables privileged access to applications without compromising the privileged credentials or any unnecessary privilege elevation. Please refer here for more information.
Using the Endpoint Privilege Management feature, you can elevate application specific privileges of certain users, without compromising the privileged credentials or elevating their entire organizational level privileges.
Application Control Plus supports Windows 8, Windows 8.1 and Windows 10.