Configuring Application Control to send all encountered application of an endpoint can help the administrators determine what software and applications are regularly being accessed by the end-user of that machine. The data, which can serve as machine’s application control inventory, can later be used when building the Application Control criteria of “approved” and “unauthorized” software and applications.
To configure Application Control:
- Log onto the Apex Central Web Management Console.
- Go to Policies > Policy Resources > Application Control Criteria.
- Click +Add Criteria and select "Block".
- Apply the following configuration:
NAME: Default “Catch-All”
MODE: Enable assessment mode
MATCH METHOD: File Paths
PATH: Any built-in storage
- Click Save.
- Go to Policies > Policy Management.
- Select "Product: Apex One Security Agent".
- Create or Edit Policy and go to the Application Control Settings.
- Under User-Defined Rules, click the All user accounts.
- In the Assign Rule dialog box, click the Default “Catch-All” to move it to the Selected criteria.
- Click Ok to finish and return to Edit Policy page.
- Uncheck the “Display a notification when an application is blocked” checkbox.
- Click Deploy to apply the policy to target endpoints.
After deploying the policy, administrators can generate Log Query of Application Control violations within the next few hours. The result can be filtered to display only violations that fell under the Default “Catch-All” application control criteria by clicking the Show advance filters and configuring the correct criteria.