To configure the Lockdown Rule:

  1. Log into the Apex Central console.
  2. Go to Policies > Policy Management.
  3. Create a new policy or select the target policy.
  4. Expand Application Control Settings, and tick the Enable Application Control box.
  5. Under Additional Actions, select the radio button for Lockdown.
  6. Deploy the policy.

Once done, this should push the Lockdown Rule to the endpoint, and the Inventory Scan will start. Refer to the following article for more information: Using the Apex One Application Control Lockdown.

To configure the Allow or Block Rule:

  1. Log into the Apex Central console.
  2. Go to Policies > Policy Resources > Application Control Criteria.
  3. Click Add Criteria and select either Allow or Block.
  4. Specify the following on the Criteria page:
    • Allow Rule:
      • Name
      • Trust permission
        • Application cannot execute external processes – Only the parent executable is allowed to be run.
        • Application can execute other processes – This would allow the parent and required child processes to run.
        • Inheritable execution rights – This allows execution of the child executable without running the parent executable.
      • Match Method
    • Block Rule:
      • Name
      • Mode
        • When Enable assessment mode is ticked, the application is allowed to run but a log is generated.

          Block criteria may not take effect when the match method overlaps with another rule. This is because of the Apex One Application Control hierarchy of Allow > Block (Assessment) > Block.
           
      • Match Method
         
        For details about Match Method, check the Glossary section.
         
  5. Once done, click Save.
  6. Go to Policies > Policy Management.
  7. Create a new policy or select the target policy.
  8. Expand Application Control Settings, and ensure that Enable Application Control is ticked.
  9. Assign a new rule or select the user account present.
  10. On the Assign Rule window, select the newly created rule.

  11. Click Ok.
  12. Click Deploy.

Glossary:

  • Match Method

    Application Reputation List – These are commonly used applications that are part of the Trend Micro Certified Safe Software List. The AIR score would depend on product popularity and reputation.

  • File Paths

    These use the specified location of the executable. Strings and regular expressions are supported.

  • Certificates

    These use digital signatures to allow or block applications.

  • Hash Value

    This uses the unique hash value per application.

    • Manual - Once the SHA-1 or SHA-256 hash value is identified, simply enter it in this pane.
    • Import - Use the Hash Generation Tool (Readme) to collect these details in a CSV file.
  • Gray Software List

    This list contains software that may be malicious if not used properly.

    A Rule is available in Apex Central by default.
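
The hierarchy of Allow > Block (Assessment) > Block noted under the Block Rule mode means a Block rule can be overridden without any error when its match method overlaps with another rule. The following is an added example, not Trend Micro code: a simplified model that lists inventory entries where a Block rule never takes effect. The rule names, paths, hashes and the whole-path, case-insensitive regular expression matching are assumptions.

```python
import re
from dataclasses import dataclass

# Precedence stated on this page: Allow > Block (Assessment) > Block.
PRECEDENCE = {"allow": 0, "assess": 1, "block": 2}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow", "assess" (Block in assessment mode) or "block"
    method: str   # "path" (regular expression) or "sha256"
    value: str
    def matches(self, path, sha256):
        if self.method == "path":  # assumption: whole path must match, case-insensitive
            return re.fullmatch(self.value, path, re.IGNORECASE) is not None
        return self.value.lower() == sha256.lower()

def verdict(rules, path, sha256):
    """Return (action, winning rule, overridden rules) for one executable."""
    hits = sorted((r for r in rules if r.matches(path, sha256)),
                  key=lambda r: PRECEDENCE[r.action])
    if not hits:
        return "no-match", None, []
    return hits[0].action, hits[0], [r for r in hits[1:] if r.action != hits[0].action]

def shadowed_blocks(rules, inventory):
    """List (path, block rule, overriding rule) where a plain Block rule never fires."""
    out = []
    for path, sha256 in inventory:
        _, winner, overridden = verdict(rules, path, sha256)
        out += [(path, r.name, winner.name) for r in overridden if r.action == "block"]
    return out

# Constructed sample policy and inventory: names, paths and hashes are made up.
BAD_HASH = "ab" * 32
RULES = [
    Rule("allow-program-files", "allow", "path", r"C:\\Program Files\\.*\.exe"),
    Rule("block-remote-tool", "block", "sha256", BAD_HASH),
    Rule("assess-temp", "assess", "path", r"C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\.*"),
]
INVENTORY = [
    (r"C:\Program Files\Tool\remote.exe", BAD_HASH),
    (r"C:\Users\alice\AppData\Local\Temp\remote.exe", BAD_HASH),
    (r"C:\Users\alice\Downloads\remote.exe", BAD_HASH),
]

if __name__ == "__main__":
    for path, block_rule, winner in shadowed_blocks(RULES, INVENTORY):
        print(f"{path}: block rule {block_rule!r} is overridden by {winner!r}")
```

In this sample the hash-based Block rule only takes effect for the copy under Downloads; the broad file path Allow rule and the assessment-mode rule win for the other two locations.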