Security Controls

Allowed Items

In this section:

About Allowed Items

File

Folder

Drive

File Hash

Rule Collection

About Allowed Items

Add Allowed Items to rule sets to grant users access to specific items without providing them with full administrative privileges. The Allowed Items are displayed in the Allowed Items list under a selected rule set.

File

If a filename alone is specified, for example, myapp.exe, then all instances of that file are allowed regardless of the location of the application. If the file is specified with the full path, for example, \\servername\sharename\myapp.exe, then only this instance of the application is allowed. Other instances of this application need to satisfy other Application Control rules to be granted execution.

Folder

A complete folder may be specified, for example, \\servername\servershare\myfolder, and all applications within this folder, and all subfolders if required, are allowed to execute. No checks are made on the files within the folder and as such any file copied into this folder will be allowed to execute. Select Include subfolders to include all directories beneath the specified directory.

If you add a network file or folder path you must use the UNC name, as the Application Control agent ignores any configured paths where the drive letter is not a local fixed disk. The user can access the network application through a network mapped drive letter, as the path is converted to UNC format before it is validated against the configuration settings.

To automatically apply environment variables, select Substitute environment variables where possible in the Add a file or Add a folder dialogs. This makes the paths more generic for applying on different machines. Wildcard support provides an additional level of control for specifying generic file paths.

Drive

You can specify a complete drive, for example, W, and all the applications on this drive are allowed to execute, including subfolders. No checks are made on the files in the drive so any file copied into any folder on this drive is allowed to execute.
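Because Folder and Drive entries trust a location rather than the files in it, an allowed location is only as strong as its write permissions. The following PowerShell check is an added example, not part of the product or its documentation; the function name Get-UntrustedWriter, the second sample path and the trusted-writer list are assumptions to adapt to your environment.

```powershell
# Added example: list principals outside an expected admin set that can write
# to an allowed folder or drive root. Paths below are constructed samples.
$AllowedLocations = @(
    '\\servername\servershare\myfolder',   # UNC form, as used in the Folder section
    'C:\Tools\Approved'                    # constructed sample path
)

# Principals expected to hold write access (assumption; adjust as needed).
$TrustedWriters = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Rights that let a principal place or replace content, or re-permission the folder.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
# Raw generic bits can also appear in an ACE: GENERIC_WRITE and GENERIC_ALL.
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not reachable, skipped: $Path"
        return
    }

    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $TrustedWriters -notcontains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $WriteMask) -ne 0
        } |
        Select-Object @{ n = 'Location'; e = { $Path } },
                      @{ n = 'Identity'; e = { $_.IdentityReference.Value } },
                      FileSystemRights,
                      IsInherited
}

# Any row returned is a principal that could drop a file into an allowed location.
$AllowedLocations |
    ForEach-Object { Get-UntrustedWriter -Path $_ } |
    Format-Table -AutoSize
```

The check reads only the NTFS ACL on the location itself; subfolders with broken inheritance and, for UNC paths, share-level permissions need to be reviewed separately.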

File Hash

A file may be added along with a digital hash of the file. This ensures that only that particular file may be executed, but from any location.

Rule Collection

You can add a rule collection to the allowed items for any rule set.

Related Topics

Denied Items

