Phase 2: Create an Endpoint Whitelist
This phase introduces you to Application Control. You'll see what applications are executing in your environment and decide which ones to authorize. You'll also scan your endpoints to create the endpoint whitelist that's used in later phases. This process puts the endpoints into an audit mode so that you can monitor activity on the endpoints.
This phase also introduces Memory Protection. Even though endpoints will be in audit mode, you can block specified applications and memory-based attacks.
In this phase you will:
-
Scan a small number of endpoints using Easy Auditor to create an endpoint whitelist and discover what applications exist in your environment
-
Review these applications in the Application Library and create Denied Applications Policies for any unwanted software
-
Customize the blocked notification dialog to inform users why applications are being blocked and what to do if they need to use the blocked applications
-
Enable Memory Protection to prevent memory injection attacks
-
Communicate with users so that they understand that Application Control is being implemented, their endpoints will be scanned, and that certain applications are now prohibited and will be blocked. See Appendix 2 for sample end user communications.