Adding Files to Application Library
You can add files to the Application Library directly from Application Control Log Queries.
You may want to add files to Application Library after Easy Lockdown has been applied. One method is to scan an endpoint with the required files, but this can be time-consuming. It is more convenient to add the files from an Application Control Log Query. For example, you could:
- Use an All Denied Application Events log query to identify files that have been blocked from running.
- Use an All Applications Executed By Local Authorization log query to find non-whitelisted files that have been running on selected endpoints.
These files can be easily added to Application Library from the query pages. You can then group them into applications and application groups and assign appropriate Application Control policies to them.
If you want to immediately authorize, deny, or trust a file, this can also be done from Application Control Log Queries. See Authorizing, Denying, and Trusting Files from Logs for more information.
Most Application Control Log Query types return a list of files and display the Add to Application Library button, which is enabled when one or more files are selected.
The All Memory Injection Detection Events and the All Updaters Added by Trusted Updaters queries do not display this button, because its action does not apply to the files they list.
Adding Files to Application Library
You can add files to Application Library directly from an Application Control Log Query.
Prerequisites:
You have run an Application Control Log Query and determined that one or more files should be added to Application Library.
- Select Review > Application Control Log Queries.
  The Application Control Log Queries page opens displaying a list of completed queries.
- In the Query Name column, click the name of the log query you want to view.
  The Query Results page opens, displaying the detailed results of the query.
- Select the file(s) that you want to add to Application Library.
  The Add to Application Library button is enabled.
- Click Add to Application Library.
  An Add to Application Library confirmation dialog opens.
- Complete the task according to the dialog displayed.

Confirmation Dialog | Action |
---|---|
Your files have been added to the Application Library | Do one of the following: Click Close. Or click Application Library; going directly to the Application Library, you can organize the files into applications or application groups, and you can apply specific policies to them. |
This file already exists in the Application Library | Click Close. As the file is already in the library, there is no need to add it. |
These files already exist in the Application Library | Click Close. As the files are already in the library, there is no need to add them. |
[Number] of the selected files already exist in the Application Library | Do one of the following: Click Add the other [number] files. Or click Don't add. |

One or more files listed in an Application Control Log Query have been added to Application Library.