Security Controls Evaluation Guide

Home 

Allowed Items

Overview

Add Allowed items to rule sets to grant users access to specific items without providing them with full administrative privileges.

Application Control doesn't just take the application name, it also looks at the file path and the file hash.

You can allow the following rule items:

  • File
  • Folder
  • Drive
  • File hash
  • Collection

For further details on each of the allowed rule items please see the Ivanti Security Controls Help.

Try it yourself

This example demonstrates how you can control access to network applications, such as App-V applications.

1.In the Application Control Configuration Editor navigate to Rule Sets > Group > Everyone > Executable Control.

2.In the right-hand work area, select the Allowed tab, right-click and select File.

3.In the Add a File dialog, in File enter the name of a file from a network share.

4.Select Allow file to run even if it is not owned by a trusted owner.

5.Click Add to add the item to the Allowed list.

6.Now repeat step 1 and 2 but this time select File Hash.

7.In the Add a File Hash dialog, click in File to launch the Windows Explorer Browser, navigate to and select the locate the required file. Click Open.

The File Hash Value is automatically populated.

8.Click Add to add the item to the Allowed list.

9.Save and deploy the configuration.

Test it

Try and run the two files added, one will be blocked because it has no file hash and the one with a file hash will run.

Your next step

Application Limits and Access Times

Denied Items

Why use Executable Control?


Was this article useful?