Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Configuring Apex One Application Control Rules

    • Updated:
    • 12 Feb 2020
    • Product/Version:
    • Apex Central All
    • Apex One All
    • Apex One as a Service
    • Platform:
Summary

This article presents the procedures on how to configure a Lockdown Rule as well as an Allow and Block Rule in Apex One Application Control.

Details
Public

To configure the Lockdown Rule:

  1. Log into the Apex Central console.
  2. Go to Policies > Policy Management.
  3. Create a new policy or select the target policy.
  4. Expand "Application Control Settings".
  5. Tick "Enable Application Control".

    Application Control Rules

  6. Under Additional Actions, select the radio button for Lockdown.

    Application Control Rules

  7. Deploy the policy.

Once done, this should push the Lockdown Rule to the endpoint and Inventory Scan will start. Refer to the following article for more information: Using the Apex One Application Control Lockdown.

To configure the Allow or Block Rule:

  1. Log into the Apex Central console.
  2. Go to Policies > Policy Resources > Application Control Criteria.
  3. Click Add Criteria and select either Allow or Block.
  4. Specify the following on the Criteria page:
    • Allow Rule:

      Name:
      Trust permission

      • Application cannot execute external processes – Only the parent executable is allowed to be run.
      • Application can execute other processes – This would allow the parent and required child processes to run.
      • Inheritable execution rights – This allows execution of the child executable without running the parent executable.

      Match Method

    • Block Rule:

      Name:
      Mode

      • When Enable assessment mode is ticked, this will allow the application to run but a log will be generated.

      Match Method

     
    For details about Match Method, check the Glossary section.
  5. Once done, click Save.
  6. Go to Policies > Policy Management.
  7. Create a new policy or select the target policy.
  8. Expand "Application Control Settings".
  9. Ensure that "Enable Application Control" is ticked.

    Application Control Rules

  10. Assign a new rule or select the user account present.
  11. On the Assign Rule window, select the newly created rule.

    Application Control Rules

  12. Click Ok.
  13. Click Deploy.
  • Match Method

    Application Reputation List – These are commonly used applications that are part of the Trend Micro Certified Safe Software List. The AIR score would depend on product popularity and reputation.

    Application Control Rules

  • File Paths

    They use the specified location of the executable. They support string, wildcard, and regular expression.

    Application Control Rules

  • Certificates

    These use digital signatures to allow or block applications.

    Application Control Rules

    Application Control Rules

  • Hash Value

    This uses the unique hash value per application.

    Application Control Rules

    Application Control Rules

    • Manual - Once the SHA-1 or SHA-256 hash value is identified, simply enter it in this pane.
    • Import - Use the Hash Generation Tool (Readme) to collect these details in a csv file.
  • Gray Software List

    This list contains software that may be malicious if not used properly.

    Application Control Rules

    A Rule is available in Apex Central by default.

    Application Control Rules

Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000241616
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.