Working with Supplemental Easy Lockdown/Auditor Policy

Administrators can use a Supplemental Easy Lockdown/Auditor policy to add applications to an endpoint's whitelist, thereby authorizing the applications to run. This is a good way to authorize an application after Easy Lockdown.

This feature is implemented through the Supplemental Easy Lockdown/Auditor Policy Wizard. The administrator can specify what is to be authorized at file, application, and application group level, based on what is configured in Application Library.

Important: A Supplemental Easy Lockdown/Auditor policy can only be applied to an endpoint that already has a whitelist, created when Easy Auditor or Easy Lockdown was applied.

Even though based on endpoint whitelists, the Supplemental Easy Lockdown/Auditor policy provides convenient centralized control for whitelisting applications.

Supplemental Easy Lockdown/Auditor in Practice

A Supplemental Easy Lockdown/Auditor policy is a good method for authorizing a new application after Easy Lockdown has been put in place.

When an Easy Lockdown policy is in place and running smoothly, it is not a good idea to disable it to install a new application. Rescanning the endpoints takes time and authorizes possibly undesirable software that may be present on endpoints. It is better to authorize the new application using a Supplemental Easy Lockdown/Auditor policy. This can be done in the following way:

  • Install the application on an endpoint that is not locked down.
  • Use Easy Auditor to scan the endpoint and add the application’s executables and installer to Application Library.
  • Create a Supplemental Easy Lockdown/Auditor policy for the application.
  • Assign this policy to the users and locked-down endpoints that need it.

A Supplemental Easy Lockdown/Auditor policy is also useful for authorizing an application or upgrade that is being deployed in stages. For example, when a new version of an application is being rolled out in the enterprise, it is often deployed one department or group at a time. In this scenario the administrator can authorize the new version with a Supplemental Easy Lockdown/Auditor policy, adding it to all endpoint whitelists. Then, as the endpoints in each group get upgraded with the new version, the application can run without the need to reapply Easy Lockdown or assign a trust mechanism to it.

Creating a Supplemental Easy Lockdown/Auditor Policy

You can create a Supplemental Easy Lockdown/Auditor policy that allows execution of specific applications on endpoints and groups, for specified users.

  1. Select Manage > Application Control Policies.
  2. Select Create > Supplemental Easy Lockdown/Auditor Policy.
    The Supplemental Easy Lockdown/Auditor Policy Wizard opens to the Allow execution for the listed applications page.
  3. Type a name for the new Supplemental Easy Lockdown/Auditor policy.

    4. Give the policy a descriptive name. For example, if this policy relates to authorized browsers, you could name it Authorized Browsers Policy.

  4. Build a list of authorized applications (based on application groups, applications, or individual files):

    5. Method

    Steps

    To add application groups:

    1. Click Authorize > Application Groups.
      The Add Application Groups dialog opens.
    2. Enter a full or partial application group name in the search field, or leave it empty to return all values.
    3. Click Search.
    4. Select one or more of the results.
    5. Click Add Application Groups.
    6. Click OK.

    To add applications:

    1. Click Authorize > Applications.
      The Add Applications dialog opens.

    2. Enter a full or partial application name in the search field, or leave it empty to return all values.

    3. Click Search.
    4. Select one or more of the results.
    5. Click Add Applications.
    6. Click OK.

    To add files:

    1. Click Authorize > Files.
      The Add Files dialog opens.
    2. Enter a full or partial file name in the search field, or leave it empty to return all values.
    3. Click Search.
    4. Select one or more of the results.
    5. Click Add Files.
    6. Click OK.

    The application groups, applications, and files available through this dialog are based on the contents of the Application Library. See Working with Application Library for more information.

    One or more application groups, applications or files are displayed in the Assigned List.

  5. Select the Logging options.

    6. Option

    Description

    Log when an end user launches applications authorized by this policy (*.exe only)

    Track the launches of the application's initial executable file only.

    Include all other authorized file executions (e.g. *.dll, *.cpl, >etc.)

    Track the launches of all executable files associated with the application.
  6. Select an option under Activation.

    7. Option

    Description

    Enable

    The policy will be enabled once it is created, as long as you assign it to at least one endpoint or group and one user.

    Disable

    The policy will be disabled once created, even if it is assigned to an endpoint/group and user. You can enable it at a later time.
  7. Click Next.

    8. If you click Finish at this point, the policy will be created but not assigned to any endpoints or users. You can assign the policy at a later time.

    The Supplemental Easy Lockdown/Auditor Policy Wizard opens to the Assign the Supplemental Easy Lockdown/Auditor Policy to groups, endpoints, and/or users page.

  8. The policy must be assigned to at least one endpoint or endpoint group. Assign the policy to endpoints:

    9. Method

    Steps

    To add groups of endpoints:

    1. Select a group or groups from the Groups list.
    2. Click Add >.

    To add individual endpoints:

    1. Select an endpoint or endpoints from the Endpoints list.
    2. Click Add >.

    To remove groups of endpoints:

    1. Select a group or groups from the Assigned List.
    2. Click < Remove.

    To remove individual endpoints:

    1. Select an endpoint or endpoints from the Assigned List.
    2. Click < Remove.

    Use the double-arrows ( ) to switch between groups and endpoints.

    The selected groups and/or endpoints are displayed in the Assigned List.

  9. The policy must be assigned to at least one user or user group. Assign the policy to users:

    10. Method

    Steps

    To add users:

    1. Select one or more users from the Users list.
    2. Click Add >.

      3. If you cannot locate a specific user, click the Add Individual User button. See Adding an Individual User to a Policy for more information.

    To remove users:

    1. Select one or more users from the Assigned list.
    2. Click < Remove.

    Important: Both a user/user group AND an endpoint/endpoint group must be assigned.

    The selected users are displayed in the Assigned list.

  10. Click Finish.
    The Supplemental Easy Lockdown/Auditor Policy is assigned to endpoints/endpoint groups and users.

Adding Application Groups to a Supplemental Easy Lockdown/AuditorPolicy

You can add application groups to a Supplemental Easy Lockdown/Auditor policy using the Add Application Groups dialog.

This dialog is accessed by clicking the Authorize button on the Supplemental Easy Lockdown/ Auditor wizard, then selecting Application Groups from the drop-down.

The application groups available through this dialog are based on the contents of the Application Library. See Working with Application Library for more information.

  1. Type the name of an application group in the search field.

    2. Sub-string matching is supported, so you do not have to type the application group's full name. Typing a partial name may result in multiple matches.

  2. Click Search.
  3. Select the required application group(s).
  4. Click Add Application Groups.
    The selected application groups are added to the list.

    5. You can remove an application group from the list if required by selecting it and clicking Unassign.

  5. Click OK.
    Application groups are added to the Supplemental Easy Lockdown/Auditor policy, the dialog closes and you return to the wizard.

Adding Applications to a Supplemental Easy Lockdown/Auditor Policy

You can add applications to a Supplemental Easy Lockdown/Auditor policy using the Add Applications dialog.

This dialog is accessed by clicking the Authorize button on the Supplemental Easy Lockdown/ Auditor wizard, then selecting Applications from the dropdown.

The applications available through this dialog are based on the contents of the Application Library. See Working with Application Library for more information.

  1. Type the name of an application in the search field.

    2. Sub-string matching is supported, so you do not have to type the application's full name. Typing a partial name may result in multiple matches.

  2. Click Search.
  3. Select the required application(s).
  4. Click Add Applications.
    The selected applications are added to the list.

    5. You can remove an application from the list if required by selecting it and clicking Unassign.

  5. Click OK.
    Applications are added to the Supplemental Easy Lockdown/Auditor policy, the dialog closes and you return to the wizard.

Adding Files to a Supplemental Easy Lockdown/Auditor Policy

You can add files to a Supplemental Easy Lockdown/Auditor policy using the Add Files dialog.

This dialog is accessed by clicking the Authorize button on the Supplemental Easy Lockdown/ Auditor wizard, then selecting Files from the dropdown.

The files available through this dialog are based on the contents of the Application Library. See Working with Application Library for more information.

  1. Type the name of a file in the search field.

    2. Sub-string matching is supported, so you do not have to type the file's full name. Typing a partial name may result in multiple matches.

  2. Click Search.
  3. Select the required file(s).
  4. Click Add Files.
    The selected files are added to the list.

    5. You can remove a file from the list if required by selecting it and clicking Unassign.

  5. Click OK.
    Files are added to the Supplemental Easy Lockdown/Auditor policy, the dialog closes and you return to the wizard.

Removing Applications from a Supplemental Easy Lockdown/Auditor Policy

You can remove applications from a Supplemental Easy Lockdown/Auditor policy.

  1. Select Manage > Application Control Policies.
    A list of policies is displayed.
  2. Select a Supplemental Easy Lockdown/Auditor policy.
    The selected policy is highlighted.
  3. Click Edit.
    The Supplemental Easy Lockdown/Auditor Wizard opens.
  4. Select the application(s) you want to remove from the Denied Applications policy.

    5. Applications can be defined at file, application, and application group level in the Application Library.

    The Remove button is enabled.

  5. Click Remove.
    A confirmation dialog is displayed.
  6. Click Yes.
  7. Click Finish.
    The specified application groups, applications or files are removed from the Supplemental Easy Lockdown/Auditor policy.

Adding an Individual User to a Policy

You can add one or more individual users to a policy using the Add Individual Users dialog.

This dialog is accessed by clicking the Add Individual User button on a User pane. This feature is available on wizards that support user assignment.

  1. Search for users using either of the following methods:

    2. Option

    Steps

    Search for all users

    Leave the Username field blank and click Search. This returns all existing users in the current domain.

    Search for one or more selected users

    1. Type a user name in the Username field.

      2. Sub-string matching is supported, so you do not have to type the full name. Typing a partial name may result in multiple matches

    2. Click Search.

    One or more users appear in the results list.

    If you cannot find the user(s) you want, try searching other available domains. Select a searchable domain controller from the Domain drop-down list.

  2. Select one or more users.
  3. Click Add Users.
    The users are added to the selection list.
  4. Click OK.
    The Add Individual Users dialog closes and you return to the Users pane of the policy wizard, with the new user(s) added to the Users list.

Assigning a Supplemental Easy Lockdown/Auditor Policy

You can select an existing Supplemental Easy Lockdown/Auditor policy and assign it to endpoints/ endpoint groups and users/user groups.

A Supplemental Easy Lockdown/Auditor policy requires both an endpoint/endpoint group and a user/ user group assignment.

  1. Select Manage > Application Control Policies.
    The Managed Policies tab on the Application Control Policies page is displayed.
  2. Select a Supplemental Easy Lockdown/Auditor policy.

    3. Filter the Policy Name and Policy Type columns to locate the required Supplemental Easy Lockdown/Auditor policy.

    The selected policy is highlighted.

  3. Click Assign.
    The Supplemental Easy Lockdown/Auditor dialog is displayed.

  4. The policy must be assigned to at least one endpoint or endpoint group. Assign the policy to endpoints:

    5. Method

    Steps

    To add groups of endpoints:

    1. Select a group or groups from the Groups list.
    2. Click Add >.

    To add individual endpoints:

    1. Select an endpoint or endpoints from the Endpoints list.
    2. Click Add >.

    To remove groups of endpoints:

    1. Select a group or groups from the Assigned List.
    2. Click < Remove.

    To remove individual endpoints:

    1. Select an endpoint or endpoints from the Assigned List.
    2. Click < Remove.

    Use the double-arrows ( ) to switch between groups and endpoints.

    The selected groups and/or endpoints are displayed in the Assigned List.

  5. The policy must be assigned to at least one user or user group. Assign the policy to users:

    6. Method

    Steps

    To add users:

    1. Select one or more users from the Users list.
    2. Click Add >.

      3. If you cannot locate a specific user, click the Add Individual User button. See Adding an Individual User to a Policy for more information.

    To remove users:

    1. Select one or more users from the Assigned list.
    2. Click < Remove.

    Important: Both a user/user group AND an endpoint/endpoint group must be assigned.

    The selected users are displayed in the Assigned list.

  6. Click OK.
    The Supplemental Easy Lockdown/Auditor policy is assigned to selected endpoints/endpoint groups and users/user groups.

Assigning a Supplemental Easy Lockdown/Auditor Policy to an Endpoint

You can assign a Supplemental Easy Lockdown/Auditor policy to a selected endpoint.

  1. Select Manage > Endpoints.
    The Endpoints page opens to the All tab.
  2. In the Endpoint Name column, click an endpoint link.
    Detailed information for the selected endpoint is displayed.
  3. Select the Application Control Policies tab.
    A list of Application Control policies assigned to the endpoint is displayed.
  4. From the toolbar, select Assign > Supplemental Easy Lockdown/Auditor Policy.
    The Assign Policy dialog is displayed, listing existing Supplemental Easy Lockdown/ Auditor policies.
  5. Select one or more Supplemental Easy Lockdown/Auditor policies.

    6. If multiple Supplemental Easy Lockdown/Auditor policies are assigned to a group, policy settings may conflict. Go to Multiple Policy Resultant Value Rules to see how these conflicts are resolved.

  6. Click OK.
    One or more Supplemental Easy Lockdown/Auditor policies are assigned to the group.

Unassigning a Supplemental Easy Lockdown/Auditor Policy

You can unassign a Supplemental Easy Lockdown/Auditor policy, removing the association between it and its endpoints and users. Policies that are no longer assigned remain in the system as unassigned policies, which you can re-assign to endpoints and users at a later time.

  1. Select Manage > Application Control Policies.
    A list of policies is displayed.
  2. Select one or more Supplemental Easy Lockdown/Auditor policies.

    3. Filter the Policy Name and Policy Type columns to locate required policies.

    The selected policies are highlighted.

  3. Click Unassign.
    One of two confirmation dialogs is displayed, depending on whether you selected a single policy or multiple policies.

  4. Click Yes.
    One or more Supplemental Easy Lockdown/Auditor policies are unassigned.

Editing a Supplemental Easy Lockdown/Auditor Policy

You can edit a Supplemental Easy Lockdown/Auditor policy and, for example, change the logging options or the endpoints to which it is assigned.

  1. Select Manage > Application Control Policies.
    A list of policies is displayed.
  2. Select a Supplemental Easy Lockdown/Auditor policy.

    3. You can only edit one policy at a time.

    The selected policy is highlighted.

  3. Click Edit.
    The Supplemental Easy Lockdown/Auditor Policy Wizard opens.
  4. [Optional] Edit the Policy Name.
  5. [Optional] Add more applications to the whitelist (based on application groups, applications, or individual files):

    6. Method

    Steps

    To add application groups:

    1. Click Add > Application Groups.
      The Add Application Groups dialog opens.
    2. Enter an application group name in the search field.
    3. Click Search.
    4. Select one or more of the results.
    5. Click Add Application Groups.
    6. Click OK.

    To add applications:

    1. Click Add > Applications.
      The Add Applications dialog opens.
    2. Enter an application name in the search field.
    3. Click Search.
    4. Select one or more of the results.
    5. Click Add Applications.
    6. Click OK.

    To add files:

    1. Click Add > Files.
      The Add Files dialog opens.
    2. Enter a file name in the search field.
    3. Click Search.
    4. Select one or more of the results.
    5. Click Add Files.
    6. Click OK.

    The application groups, applications, and files available through this dialog are based on the contents of the Application Library. See Working with Application Library for more information.

    One or more application groups, applications or files are added to the whitelist.

  6. [Optional] Remove one or more applications from the whitelist of authorized applications:
    1. Select one or more applications from the list.
    2. Click Remove.
  7. [Optional] Change the Logging option.

    8. Even if this control is not selected, logging may occur when other policy types (such as Easy Auditor or Easy Lockdown) have logging enabled.

  8. [Optional] Change the Activation option.

    9. Option

    Description

    Enable

    The policy will be enabled once it is created, as long as you assign it to a group or endpoint.

    Disable

    The policy will be disabled once created, even if it is assigned to a group or endpoint. You can enable it at a later time.
  9. Click Next.
    The Supplemental Easy Lockdown/Auditor Wizard opens to the Assign the Supplemental Easy Lockdown/Auditor Policy to groups, endpoints and/or users page.
  10. The policy must be assigned to at least one endpoint or endpoint group. Assign the policy to endpoints:

    11. Method

    Steps

    To add groups of endpoints:

    1. Select a group or groups from the Groups list.
    2. Click Add >.

    To add individual endpoints:

    1. Select an endpoint or endpoints from the Endpoints list.
    2. Click Add >.

    To remove groups of endpoints:

    1. Select a group or groups from the Assigned List.
    2. Click < Remove.

    To remove individual endpoints:

    1. Select an endpoint or endpoints from the Assigned List.
    2. Click < Remove.

    Use the double-arrows ( ) to switch between Groups and Endpoints panes.

    The selected groups and/or endpoints are displayed in the Assigned list.

  11. The policy must be assigned to at least one user or user group. Assign the policy to users:

    12. Method

    Steps

    To add users:

    1. Select one or more users from the Users list.
    2. Click Add >.

      3. If you cannot locate a specific user, click the Add Individual User button. See Adding an Individual User to a Policy for more information.

    To remove users:

    1. Select one or more users from the Assigned list.
    2. Click < Remove.

    Important: Both a user/user group AND an endpoint/endpoint group must be assigned.

    The selected users are displayed in the Assigned list.

  12. Click Finish.
    The Supplemental Easy Lockdown/Auditor policy is edited.

Disabling a Supplemental Easy Lockdown/Auditor Policy

You can disable a Supplemental Easy Lockdown/Auditor policy without deleting it. The details of the policy are retained and you can enable it again at a later time.

  1. Select Manage > Application Control Policies.
    A list of Application Control managed policies is displayed.
  2. Select the enabled Supplemental Easy Lockdown/Auditor policy or policies that you want to disable.

    3. Filter the Policy Name and Policy Type columns to locate the policy.

    The selected policies are highlighted.

  3. Click Disable.
    The selected Supplemental Easy Lockdown/Auditor policy or policies are disabled.

Enabling a Supplemental Easy Lockdown/Auditor Policy

You can enable a Supplemental Easy Lockdown/Auditor policy that is currently disabled.

  1. Select Manage > Application Control Policies.
    A list of Application Control managed policies is displayed.
  2. Select the check box for the disabled Supplemental Easy Lockdown/Auditor policy that you want to enable.

    3. Filter the Policy Name and Policy Type columns to locate the policy.

    The selected policies are highlighted.

  3. Click Enable.
    The selected Supplemental Easy Lockdown/Auditor policy is enabled.

Deleting a Supplemental Easy Lockdown/Auditor Policy

You can delete a Supplemental Easy Lockdown/Auditor policy, as long as it is not assigned to any endpoint.

  1. Select Manage > Application Control Policies.
    A list of Application Control policies is displayed.
  2. Select the required Supplemental Easy Lockdown/Auditor policy.

    3. The policy must not be assigned to an endpoint (Assigned column value of Not Assigned). If it is assigned, you must first unassign it to continue.

    The selected policy is highlighted.

  3. Click Delete.
    A confirmation dialog is displayed.

    4. If the policy is currently in use, a message is displayed telling you that the policy can not be deleted until it has been unassigned.

  4. Click Yes.
    The Supplemental Easy Lockdown/Auditor policy is deleted.

Exporting Supplemental Easy Lockdown/Auditor Policies

You can export a list of Supplemental Easy Lockdown/Auditor Policies to a CSV (Comma Separated Value) file.

To export data, refer to Exporting Data.

The list of policies is saved as a CSV file with the following columns:

Name

Description

Status

Enabled or Disabled

Policy Name

The name of the policy

Assigned

Assigned/Not Assigned (if assigned, export includes the groups and endpoints that the policy is assigned to)

Policy Type

The type of policy (Denied Applications, Trusted Updater, and so on)

Blocking

Off, On, Authorized, Non-authorized, or (Authorized, Non-authorized)

Logging

Authorized, Non-authorized, or Off

Last Updated Date

The date the policy was last changed