Security restrictions in Workspace Control help you secure the user workspace at different levels:
- Applications: prevents the use of unauthorized applications and executables.
- Removable Disks: secures the use of removable disks.
- Files and Folders: prevents the use of specific file types and folders.
- Read-Only Blanketing: renders all local drives on servers and desktops read-only.
- Authorized Certificates: adds an additional check on file certificates when using Managed Application Security.
- Authorized Files: allows you to authorize files, folders and drives, on global level.
- Network Connections: prevents unauthorized network connections.
- User Sessions: restricts users to a single Workspace Control session at a time.
Except for security restrictions on network level, all security restrictions are based on kernel mode drivers, that offer a high level of security while minimizing the overhead on your system. Security restrictions on network level are based on the NetGuard driver, which is similar to the other drivers, but secures your network connectivity. The RESNFLT driver offers browser independent Website Security.
System processes (such as svchost.exe) are also subject to Security. This means that these processes cannot start sub-processes (such as e.g. Windows Media Player or MP3 files) indirectly. Authorized Files contains a default rule that allows you to control this behavior.
In general, if security restrictions are enabled, all executables that exist in the user's Start Menu are accessible to the user. All other executables are inaccessible.
Search engine on Log tabs
On the Log tabs, by default, the first 100 log entries are automatically shown when clicking Search. When the option Show last 100 entries only is not checked, the log view will be cleared. You can then search for the desired log entries.
Except on the Authorized files > Log tab, a More button is present on the Log tabs. Clicking this button allows you to group your search (Group By) or specify a Date / Time Filter for your search. The # incidents at the bottom of the overview is dynamic.