Custom Rules

Custom rules apply settings to devices hosting the Application Control Agent and configuration. You can add items to the Allowed Items, Denied Items, Trusted Vendors, User Privileges, and Browser Control nodes in each group rule node.

Custom rules allow security control rules to be applied when certain conditions are met. You can specify conditions for the following:

  • Computer
  • Directory membership
  • Environment
  • Files and folders
  • Registry
  • Session and client
  • The user

You can also create custom scripted conditions using Visual Basic or Java Script.

For example, you can create a custom rule that allows only users who belong to the Finance OU and who are not working on laptops to self-elevate to install a specific accounting application.

If you select the Custom Rules node, the All Custom Rules summary displays the Rule Name and the Security Level.

To add a custom rule, click the Add Rule drop-down arrow on the Rules ribbon and select Custom Rule.

To remove a custom rule, select a rule and click Remove Rule on the Rules ribbon. A confirmation message displays. Click Yes to confirm the removal.

Support for Custom Rules from Earlier Versions

Custom rules in version 10.0 differ considerably from Custom rules in version 8.8 and 8.9. You can upgrade version 8.8 and 8.9 configurations that contain Custom rules by opening them in a version 10.0 console and saving them. This recreates the Custom rules by using the new version 10.0 conditions, matching the behavior of the earlier version rules.

If you do not upgrade a version 8.8 and 8.9 configuration, the Application Control Agent version 10.0 still reads the configuration, but the URL Redirection and Custom rules are ignored. The rest of the configuration still applies.