Application Control
This page refers to an older version of the product. View the current version of the online Help.
Process Rules
The Process node allows security control rules to be matched with specific requesting processes. Process rules let you manage whether an application may run child processes that might otherwise be managed differently by other rules. You can add Allowed Items, Denied Items, Trusted Vendors and User Privilege Management to the rule.
For further information, see Rule Items.
You can add files, folders, drives, signature items, network connection items and application groups as managed items into the Allowed Items and Denied Items lists of a process rule.
A Process Rule only manages the first level of child processes run by the application, not the children of those child processes. The Process Rule does not manage the application itself; that must be managed by other rules, unless the application is itself managed as a child process in another Process Rule.
Create a Process Rule
The process rule applies to the application that is attempting to start another application, load a component, or access a network resource. A process rule can allow certain applications to run in general but prohibit them from running when launched by specific processes.
- Rules are displayed in the order they are created and are not alphabetical.
- Process rule names must be unique. You cannot create two process rules with the same name.
- You cannot have duplicate processes.
- You cannot cut, copy and paste process rules.
- From the Rules ribbon, select Add Rule > Process Rule.
  A process rule is created and consists of four rule items: Allowed Items, Denied Items, Trusted Vendors, and User Privileges.
- Right-click the new process rule and select Rename.
- Give the rule an intuitive name.
- Apply the required security level: Restricted, Audit Only or Unrestricted.
  For more information, see Security Levels.
- Add a process to the rule.
- Add an item to a rule item.
Add a Process to a Process Rule
Use the Process Rule work area to add processes to a process rule. The processes listed within this area are used during rules processing to match the rule to a request's process originator.
The first column displays the name and location of the process file or signatures, the second contains the signature for the process, if applicable, and the third column displays the description of the process, if present.
- Select the process rule.
  The Process Rule work area is displayed.
- In the Rules ribbon, select the Add Process drop-down arrow and do one of the following:
  - To add a file, select Add > File
  - To add a signature, select Add > Signature
You can add multiple files at once. You can drag and drop files from Windows Explorer or another file manager, and cut, copy, and paste.
You cannot have duplicate processes.
- Use the Rescan Signature button on the Rules ribbon to
Add an Allowed or Denied Item to a Process Rule
Allowed Items and Denied Items can contain files, folders, drives, signatures, Windows Store Apps, and network connection items. They can also include groups.
- Select the required Allowed or Denied Item.
- Click the Add Item drop-down arrow on the Rule Items ribbon and select either Allowed or Denied.
- Once you have selected the item type to add to the process rule, do one or more of the following:
- To add a file, select Add > File
- To add a folder, select Add > Folder
- To add a drive, select Add > Drive
- To add a signature item, select Add > Signature Item
- To add a Network Connection item, select Add > Network Connection Item
- To add a Windows Store App, select Add > Windows Store App
- To add a group, select Add > Group
- Groups can consist of a number of items. For example, all the File, Folder, Drive, and Signature File items for a particular application.
Example: Using a Process Rule to Restrict Access to FTP
You can use process rules to allow, for example, only certain applications to access FTP.
This example shows how to use process rules to allow only a specific application to access FTP ports 20 and 21. The first step is to create a group to specify the

- Select the Group Management node.
- Select Add Group on the Groups ribbon.
- Select and right-click the new group and select Rename.
- Rename the group with an intuitive name, for example, Specify FTP Ports.
- Select the Add Item drop-down arrow on the Groups ribbon and select Network Connection.
  The Add a Network Connection dialog displays.
- Specify the host in the Host field.
- Select the Ports button on the right-hand side of the Ports field. The Common Ports dialog displays.
- Select ports 20 and 21: FTP - Data Port and FTP - Control port, and click Add.
- Select the Text contains wildcard characters option and click Add.

- Select the top level Process rule node.
- Select the Add Rule drop-down arrow on the Rules ribbon and select Process Rule.
- Select and right-click the new process rule and select Rename.
- Give the rule an intuitive name, for example, Cannot access FTP.
- Right-click within the Processes work area, and select Add > File.
  The Add a File dialog displays.
- Enter * in the File field and click Add. This denotes that all files are blocked from accessing FTP ports 20 and 21. The use of
- Expand the new process rule node.
- Select the Denied Items node.
- Select the Add Item drop-down arrow and select Denied > Group. The Group selection dialog displays.
- Select the group created in the Create a Group procedure and click Add. This rule now prohibits all applications from accessing the FTP ports 20 and 21.

- Select the top level Process rule node.
- Select the Add Rule drop-down arrow on the Rules ribbon and select Process Rule.
- Select and right-click the new process rule and select Rename.
- Give the rule an intuitive name, for example, Can access FTP.
- In the Processes work area, right-click and select Add > File.
  The Add a File dialog displays.
- Browse to and select the file that you want to access FTP, for example, Internet Explorer.
- If required, expand the new process rule node.
- Select the Allowed Items node.
- Select the Add Item drop-down arrow and select Allowed > Group. The Group selection dialog displays.
- Select the group created in the Create a Group procedure and click OK. This rule now allows the specified application to access the FTP ports 20 and 21.

- Expand the Group node and select BUILTIN\Administrators. The Group Rule work area displays.
- Drag the Security Level slider to Restricted.

Save the configuration. Only the application specified in the procedure can access FTP ports 20 and 21. All other applications cannot.
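The following is an added, simplified model of how the two process rules in this FTP example combine; it is illustration written for this page, not Ivanti product code, and the product's real matching and precedence logic are not documented here. It assumes that an Allowed item in a matching rule takes precedence over a Denied item, that the "Text contains wildcard characters" option gives shell-style matching on the host, and that the Internet Explorer process file is named iexplore.exe.

```python
"""Model of the 'Cannot access FTP' / 'Can access FTP' process-rule pair.
Added example, not Ivanti code. Precedence and matching rules are assumptions."""
from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass
class NetItem:
    """A Network Connection item: host pattern plus the ports it covers."""
    host: str           # wildcard host, as with the "Text contains wildcard characters" option
    ports: set

    def matches(self, host, port):
        return fnmatch(host.lower(), self.host.lower()) and port in self.ports


@dataclass
class ProcessRule:
    """A process rule keyed on the requesting (originator) process file."""
    name: str
    processes: list                          # file patterns for the originator process
    allowed: list = field(default_factory=list)
    denied: list = field(default_factory=list)

    def applies_to(self, process):
        return any(fnmatch(process.lower(), p.lower()) for p in self.processes)


# Group "Specify FTP Ports": any host, FTP data (20) and control (21) ports.
FTP_PORTS = [NetItem("*", {20, 21})]

# The two rules built in the procedure: deny for every process (*), allow for one file.
RULES = [
    ProcessRule("Cannot access FTP", processes=["*"], denied=FTP_PORTS),
    ProcessRule("Can access FTP", processes=["iexplore.exe"], allowed=FTP_PORTS),  # assumed file name
]


def network_access_allowed(process, host, port, rules=RULES):
    """True if `process` may open host:port under this model.
    Assumption: an explicit Allowed item in any rule matching the process wins over
    a Denied item; if no item matches at all, process rules do not restrict the request."""
    matching = [r for r in rules if r.applies_to(process)]
    if any(item.matches(host, port) for r in matching for item in r.allowed):
        return True
    if any(item.matches(host, port) for r in matching for item in r.denied):
        return False
    return True
```

Ports other than 20 and 21 are untouched by either rule, so non-FTP traffic from any process stays unrestricted in this model.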
Copyright © 2019, Ivanti. All rights reserved.