This page refers to an older version of the product.
View the current version of the online Help.

Custom Rules

Custom rules apply settings to devices hosting the Application Control Agent and configuration. You can add items to the Allowed Items, Denied Items, Trusted Vendors, User Privileges, and Browser Control nodes in each group rule node. For more information, see Rule Items.

Custom rules allow security control rules to be applied when certain conditions are met. You can specify conditions for the following:

Computer
Directory membership
Environment
Files and folders
Registry
Session and client
The user

For example, you can create a custom rule that allows only users who belong to the Finance OU and who are not working on laptops to self-elevate to install a specific accounting application.

You can also create custom scripted conditions using Visual Basic or Java Script.

For more information on conditions for custom rules, see Condition Management.

Performance and custom rules

Custom rules enable great flexibility when applying conditions to rules. It may important to understand how they are processed in order to best manage your system performance.

The custom rules engine is very powerful but it can demand considerable resource. To manage performance, by default, the engine only handles process start actions such as launching an executable. DLLs and other file types requiring execute rights are not handled by the custom rules engine and therefore any rule items targeting them will not apply.

Using the EnableCustomRulesDllChecking custom setting, it is possible to modify the behavior to ensure all requests are processed by the custom rules engine. However, on a busy server, this could result in a performance impact so it is worth considering if Process Rules could deliver the required end result.

Refer to this Community article for further information.

Add or remove a custom rule

If you select the Custom Rules node, the All Custom Rules summary displays the Rule Name and the Security Level.

•To add a custom rule, click the Add Rule drop-down arrow on the Rules ribbon and select Custom Rule.

•To remove a custom rule, select a rule and click Remove Rule on the Rules ribbon. A confirmation message displays. Click Yes to confirm the removal.

Support for Custom Rules from Earlier Versions

Custom rules in version 10.0 and later differ considerably from Custom rules in version 8.8 and 8.9. You can upgrade version 8.8 and 8.9 configurations that contain Custom rules by opening them in a version 10.0 console and saving them. This recreates the Custom rules by using the new version 10.0 conditions, matching the behavior of the earlier version rules.

If you do not upgrade a version 8.8 and 8.9 configuration, the Application Control Agent version 10.0 still reads the configuration, but the URL Redirection and Custom rules are ignored. The rest of the configuration still applies.