Application Control provides the ability to define criteria that specifically allow certain applications to execute. You can define allow criteria to ensure that Application Control never blocks a particular application, or you can build a complete list of the applications allowed to execute on endpoints and then deploy a Lockdown policy to those endpoints. While in Lockdown mode, users cannot execute, access, or install any application that you did not include in the allow criteria, so verify that the allow list covers everything the endpoint legitimately needs before you deploy Lockdown.
For more information about Lockdown policies, see Application Control Policy Settings.
Note
By default, an allow criterion takes priority over a block criterion for the top-level process.
For example, suppose a.exe is the top-level process, b.exe is its child process, and plugin.dll is an add-on that a.exe loads. With the allow and block criteria in the following table, the system allows only a.exe to execute: the allow criterion for a.exe overrides the block criterion for a.exe, while the block criteria for b.exe and plugin.dll still apply.
Criteria   Target
Allow      a.exe
Block      a.exe
Block      b.exe
Block      plugin.dll
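The precedence rule in this note and the three trust levels described later under Trust permission can be checked against a small model. The following is an added example written for this page, not Trend Micro's code or its actual evaluation engine: it applies a simplified reading of the rules on this page (allow beats block for the top-level process; low trust stops child processes and add-ons; medium trust admits them for the session; inheritable rights additionally remember child SHA-1 values) to a constructed process tree matching the a.exe / b.exe / plugin.dll scenario. The `Proc`, `Criterion` and `evaluate` names, the `lockdown` flag, the "image" bytes, and the assumption that a remembered SHA-1 behaves like an allow criterion are all this example's own.

```python
# Added example, not part of Trend Micro's documentation or product code.
# A small model of the allow/block precedence and the three trust levels as
# described on this page, run against the page's a.exe / b.exe / plugin.dll
# scenario. The rules are a simplified reading of the text, not the product's
# real evaluation engine; the process tree and "image" bytes are constructed.
import hashlib
from dataclasses import dataclass, field

NO_EXTERNAL = "cannot execute external processes"
CAN_EXECUTE = "can execute other processes"
INHERITABLE = "inheritable execution rights"


@dataclass
class Proc:
    name: str
    image: bytes                                    # constructed stand-in for the file bytes
    children: list = field(default_factory=list)    # processes it starts
    addons: list = field(default_factory=list)      # DLL names it loads


@dataclass
class Criterion:
    action: str                 # "allow" or "block"
    target: str                 # name matched by the criterion
    trust: str = NO_EXTERNAL    # only meaningful for allow criteria


def sha1_of(image: bytes) -> str:
    return hashlib.sha1(image).hexdigest()


def evaluate(top: Proc, criteria, learned: set, lockdown: bool = True) -> set:
    """Names permitted to run/load when `top` is the top-level process.

    `learned` holds SHA-1 values recorded under inheritable rights and is
    updated in place. With `lockdown=True`, anything not allow-listed is blocked.
    """
    allow = next((c for c in criteria if c.action == "allow" and c.target == top.name), None)
    blocked = {c.target for c in criteria if c.action == "block"}

    if allow is not None:
        trust = allow.trust             # allow takes priority over block for the top-level process
    elif sha1_of(top.image) in learned:
        trust = INHERITABLE             # assumption: a remembered hash behaves like an allow
    elif top.name in blocked or lockdown:
        return set()                    # explicitly blocked, or not allow-listed under Lockdown
    else:
        # No criteria and no Lockdown: it runs, and each child is judged on its own.
        return {top.name}.union(*(evaluate(c, criteria, learned, lockdown) for c in top.children))

    permitted = {top.name}
    if trust == NO_EXTERNAL:
        return permitted                # low trust: no child processes, no add-ons

    # Medium and high trust: add-ons and child processes run for this session.
    permitted.update(top.addons)
    for child in top.children:
        permitted.add(child.name)
        if trust == INHERITABLE:
            learned.add(sha1_of(child.image))                          # remembered for later matches
            permitted |= evaluate(child, criteria, learned, lockdown)   # child inherits the rights
    return permitted


# Constructed scenario from the note above: a.exe starts b.exe and loads plugin.dll.
A_EXE = Proc("a.exe", b"constructed a.exe image",
             children=[Proc("b.exe", b"constructed b.exe image")],
             addons=["plugin.dll"])
B_EXE = A_EXE.children[0]

PAGE_TABLE = [("allow", "a.exe"), ("block", "a.exe"), ("block", "b.exe"), ("block", "plugin.dll")]


def outcome(trust: str):
    """Apply the page's criteria table with `trust` on the allow rule.

    Returns (names permitted when a.exe runs, names permitted when b.exe is
    afterwards started on its own as a top-level process).
    """
    criteria = [Criterion(action, target, trust) for action, target in PAGE_TABLE]
    learned = set()
    first = evaluate(A_EXE, criteria, learned)
    later = evaluate(B_EXE, criteria, learned)
    return sorted(first), sorted(later)


if __name__ == "__main__":
    for level in (NO_EXTERNAL, CAN_EXECUTE, INHERITABLE):
        print(f"{level}: {outcome(level)}")
```

Under the low-trust setting only a.exe survives, matching the note; under medium trust b.exe and plugin.dll are admitted for the session but b.exe is still blocked when started on its own; under inheritable rights b.exe's hash is remembered, so it also runs later as a top-level process, which is exactly why that setting widens the allow list beyond what you typed in.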

Procedure

  1. Go to Policies > Policy Resources > Application Control Criteria.
    The Application Control Criteria screen appears.
  2. Click Add Criteria and select Allow.
    The Allow Criteria Settings screen appears.
  3. Type a unique Name for the criteria.
  4. Select the level of Trust permission for the applications.
    Permission: Application cannot execute external processes
      Description: Applications cannot access any external processes or start any other applications.
      Example use: Select this option for applications with a low trust level. Use it when you want to allow standalone applications to run on endpoints but prevent access to other processes. For example, if a.exe is the top-level process that matches the rule and b.exe is its child process, the system allows only a.exe to execute.
    Permission: Application can execute other processes
      Description: Applications can start external processes and applications that users cannot access directly.
      Example use: Select this option for applications with a medium trust level. Use it when you want to allow applications to run on endpoints and still allow access to the required child processes or add-ons for the current session. For example, if a.exe is the top-level process that loads plugin.dll and b.exe is its child process, the system allows both a.exe and b.exe to execute and also loads plugin.dll.
    Permission: Inheritable execution rights (not recommended)
      Description: Applications can install and start external processes and applications, and those child applications can in turn install and start external processes and applications. In addition to behaving like Application can execute other processes, the system stores the SHA-1 values of the processes and automatically allows them to execute in subsequent matches.
      Example use: Select this option only for applications with a high trust level. Use it when you want to allow installation packages to execute on the endpoint: the installation package can perform all installation tasks, and the installed application can then run all required processes. Because the rights propagate to every process the installer starts and their hashes are remembered, this setting extends the allow list beyond what you explicitly configured, which is why it is not recommended.
  5. Select the Match method used to identify applications and configure the required settings.
    Application Reputation List: Applies the criteria to applications that TrendAI™ has tested and assigned a security score. For more information, see Application Reputation List.
    File paths: Applies the criteria to any application installed in the specified location. A file path criterion trusts whatever is placed in that location, so apply it only to directories that standard users cannot write to. For more information, see File Paths.
    Certificates: Applies the criteria to applications based on certificate validity and certificate attributes. For more information, see Certificates.
    Hash values: Applies the criteria to applications based on SHA-1 or SHA-256 hash values. Prefer SHA-256 where both are accepted. For more information, see Hash Values.
    Gray Software List: Includes in the criteria applications that TrendAI™ has tested and found to be potentially harmful. The Gray Software List is a subset of the Application Reputation List and contains applications that may be malicious if not used properly. TrendAI™ recommends blocking or monitoring applications in the Gray Software List to ensure that your network remains secure.
  6. Click Save.
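For the Hash values match method, and for building the complete allow list that a Lockdown policy needs, you first need the SHA-1 or SHA-256 of every executable you intend to allow. The following is an added example written for this page, not Trend Micro's code: it walks a directory, streams each executable through SHA-1 and SHA-256 in a single read, and returns a de-duplicated list of hash values. The set of file extensions treated as executables, the `inventory` and `hash_list` names, and the one-hash-per-line output shape are this example's own assumptions; the sample files are constructed in a temporary directory so the script runs offline.

```python
# Added example, not Trend Micro's code: build a SHA-1/SHA-256 inventory of the
# executables under a directory, the values you would enter in a "Hash values"
# allow criterion before deploying a Lockdown policy. Sample files are
# constructed in a temporary directory so the script runs offline.
import hashlib
import tempfile
from pathlib import Path

# Assumption: which file types count as executables for the inventory.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".msi", ".ps1", ".bat"}
CHUNK = 1024 * 1024


def file_hashes(path: Path) -> dict:
    """Stream the file through SHA-1 and SHA-256 at once so large binaries are read a single time."""
    sha1 = hashlib.sha1()
    sha256 = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return {"sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def inventory(root: Path) -> list:
    """One row per executable under `root`: relative path plus both hashes."""
    rows = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            rows.append({"path": str(path.relative_to(root)), **file_hashes(path)})
    return rows


def hash_list(rows: list, algo: str = "sha256") -> list:
    """De-duplicated, sorted hash values (assumption: entered one per line in the criteria)."""
    if algo not in ("sha1", "sha256"):
        raise ValueError("Application Control accepts SHA-1 or SHA-256 values only")
    return sorted({row[algo] for row in rows})


def demo() -> dict:
    """Constructed sample tree: two executables with identical bytes and one non-executable."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"abc")        # constructed contents (known test vector)
        (root / "bin" / "plugin.dll").write_bytes(b"abc")     # identical bytes, so a duplicate hash
        (root / "README.txt").write_text("not an executable")  # ignored by the suffix filter
        rows = inventory(root)
        return {
            "rows": rows,
            "sha256": hash_list(rows),
            "sha1": hash_list(rows, "sha1"),
        }


if __name__ == "__main__":
    result = demo()
    for row in result["rows"]:
        print(f"{row['path']}  sha256={row['sha256']}")
    print("allow list (sha256):", *result["sha256"], sep="\n  ")
```

Run it against a known-good reference image of the endpoint rather than a machine that has already been in use, regenerate the list after every patch cycle (a hash criterion is invalidated by any change to the file, including legitimate updates), and keep the inventory under version control so that additions to the allow list can be reviewed.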