Using File Tools

You can use the Application Control Authorization Service Tool to monitor approved and synchronized changes to executable file authorization policies using Microsoft^® Update Services (SUS) and Windows^® Server Update Services (WSUS).

The Ivanti Device and Application Control Authorization Service Tool service authorizes all approved Microsoft^® updates and fixes, creates corresponding hash files, and updates the database.

For more information, see the Ivanti Device and Application Control help

You use the Versatile File Processor tool to scan files in specific locations. The Application Control File Tool consists of two files:

• The filetool.dll that provides the underlying functionality. This file is used by other Ivanti tools, such as the Authorization Service Tool.
• The filetool.exe command line executable file that uses the filetool.dll.

The Application Control File Tool works in one of two modes depending on the parameters you select. The operation modes are:

• Online mode - The online mode is used to scan specific files. The Application Control File Tool connects, by default, to the local Application Server using the login identity of the current user and scans file locations to assign the scanned files to file groups. The files can be assigned automatically, using Application Server suggestions.

You can override the user login default using the command line parameters –s <server> and –u <user/password>. After the assignment, and if the –p option is specified, the tool can request Application Server to notify all the clients (drivers).

• Offline mode - The offline mode produces scan files. Even though the scan files have exactly the same format as the scan files produced by the driver, these cannot be used directly. Offline mode requires an output file name only if using the –o parameter. File assignments cannot be made in offline mode. You can copy the resulting scan files, from the directory that you specified in the command line instruction, to the Application Server %/DataFileDirectory/% to compare your results with previously scanned files.

The Application Control File Tool can scan files contained in archives files with the following extensions: .cab, .zip, .rar, .ace, .jar, and .cs. However, some .cab archives do not have a standard cabinet structure despite having a .cab extension so it may not be possible to scan them correctly.

1. Select Start > Run.
2. Browse to the location where you saved the Ivanti Device and Application Control application software, and select \bin\tools\FileTool.exe file.
3. Add any of the following optional parameters, individually or in combination, to the parameters list command line.

Tip: If you execute the Application Control File Tool without parameters, help output is displayed.

Parameter	Description
-s	Application Server (The default is the current Application Server).
-u	User/password to connect to the Application Server. (The default is the current user).
-o	Offline mode; generate a scan
-d0	Delta mode off. (This is the default value).
-d1	Delta mode on, avoid rescanning files already scanned.
-d2	Delta mode on, clear the list then memorize files already scanned.
-f	Access failure, retry (n) times with a least (m) seconds between attempts. Example: -f 10,3 (10 retry attempts with 3 seconds) between attempts.
-v	Verbose report; generate an xml report that you save to a location you specify in the command line after the parameter.
-r	Report; generate an xml report, errors only, that you save to a location you specify in the command line after the parameter.
-i	Ignore archive contents.
target	File or directory to scan. Tip: To avoid recursive scan on directory, terminate the target entry with \\. The target may also be entered using one of the following keywords in brackets: [drives] (All hard drives) [media] (All removable media) [all] (All hard drives and removable media)
-e	An option wildcard mask.
-c0	File group creation, use only existing groups.
-c1	File group creation, create if necessary. (This is the default value).
-a0	Keep existing assignment, automatically assign new files to existing groups, and assign remaining files to groups you select. Tip: Accepts a list of file groups using the format FileGroup1,FileGroup2...FileGroupn
-a1	Keep existing assignment, assign new files to groups you select.
-a2	Assign existing and new files to group.
-x0	Process all files. Tip: Be very cautious when using this parameter because all files are scanned, even if the files are not executable.
-x1	Only process executable files.
-x2	Only process executable files having a valid digital signature.
-p	Push update to all online clients.

The specified file locations are scanned, and the files designated by the parameters are assigned to file groups.

The SXDomain utility provides a method to automatically schedule domain synchronization, using the Windows Task Scheduler.

You can schedule domain synchronizations with a task scheduler, such as the Windows Task Scheduler. You create a batch file that contains a list of domains to synchronize.

For more information, see the Ivanti Device and Application Control help