Authorize Applications Centrally

Use a Supplemental Easy Lockdown/Auditor policy to centrally authorize executables or applications and update the endpoint whitelists for the users to which the policy is assigned. You'll find this policy helpful when you want to:

• Authorize executables or applications when they have been blocked on users' endpoints

• Authorize executables or applications for users or endpoints regardless of whether the applications have already been installed on the endpoints. This means that if the files are not already on the endpoints and are added later, the files are already whitelisted and so they will be allowed to execute.

After you've organized files into Applications and Application Groups, you can authorize specific Applications or Application Groups for users and endpoints using a Supplemental Easy Lockdown/Auditor policy. This policy works in conjunction with the Easy Auditor or Easy Lockdown policy by supplementing the endpoint whitelist you created in Easy Auditor and Easy Lockdown.

Create a Supplemental Easy Lockdown/Auditor Policy

1. From the Endpoint Security Console, select Manage > Application Control Policies.

   

2. Select Create > Supplemental Easy Lockdown/Auditor Policy.

   

   The Supplemental Easy Lockdown/Auditor Policy wizard opens.

   

3. Complete the wizard. See Creating a Supplemental Easy Lockdown/Auditor Policy in the Application Control Help for detailed steps.

   Under Logging, select Log when an end user launches applications authorized by this policy to determine whether certain applications are used in your environment. This is useful when you want to remove certain applications or application versions from your environment. However, don't select this option generally for all applications authorized by the policy, as this results in large numbers of logs for widely used applications.

   

Maintain a Test Endpoint

Executables must be in the Application Library so that you can authorize or deny them. If you have not already established a test endpoint to scan new applications, set one up now so that any applications you want to authorize can be scanned and added to the Application Library.

Authorize, Deny, or Trust Executables Directly from the Application Library

You can quickly authorize, deny, or trust files, Applications, and Application Groups from within the Application Library. Select the item you wish to authorize, deny, or trust and click the associated button on the toolbar.

For more information, see Authorizing Files, Applications, and Application Groups in Application Library and Denying Files, Applications, and Application Groups in Application Library in the Application Control Help.