In this section:
Rule Sets allow you to create rules targeting specific groups, users, devices, scripts and processes. You can assign security level policies, resource access, and resource restrictions that apply to the rule sets when the rules are met.
Rule matching takes place when Application Control intercepts a file execution request and checks the configuration policy to determine whether a file is allowed to run.
Applying Rule Policies
The most lenient security policy is applied to a user profile that is affected by more than one rule. For example, a user who matches both a user rule assigned the Restricted security level and also a group rule that assigns the Self-Authorizing security level is granted self-authorizing privileges for all decisions and application use.
Matching Files and Rules
The Application Control agent applies rules by making a suitable match for the file type.
Matching is based on a three stage approach that considers security, matching order, and policy decisions:
- Is the user restricted?
- Is ownership of the executable item trusted?
- Where is the executable located?
- Does the executable match a signature?
- Does the executable match an allowed or denied Item?
- Is Trusted Ownership checking enabled?
- Is there a timed exception?
- Is there
an application limit?
Example: File 'confidential.doc' is held within folder 'common'. A rule specifies that file 'confidential.doc' is denied but folder 'common' is allowed. The more granular rule takes precedence and the file confidential.doc will be denied.
Rule Sets provide an overview of all the Rule Sets in the configuration and include:
You can right-click the Rule Sets node and perform the following actions:
•Add Rule Set - a new node is added under the applicable Rule Set node and the relevant rule set work area displays. For example, add a new Group Rule Set, a new node is added under the Group node and the Group Rule Set work area displays.
•Sort - Sorts all list items in either ascending or descending order.
•Expand All - Expands all levels below Rule Sets.
•Collapse All - Collapses all levels below Rule Sets.