Defining Allowed Application Criteria

Application Control provides the ability to define criteria that specifically allow certain applications to execute. You can define allow criteria to ensure that Application Control never blocks a certain application, or you can create a complete list of applications allowed to execute on endpoints and then deploy a Lockdown policy to the endpoints. While in Lockdown mode, users cannot execute, access, or install any application that you did not include in the allow criteria.

For more information about Lockdown policies, see Application Control Policy Settings.

  1. Go to Policies > Policy Resources > Application Control Criteria.

    The Application Control Criteria screen appears.

  2. Click Add Criteria and select Allow.

    The Allow Criteria Settings screen appears.

  3. Type a unique Name for the criteria.
  4. Select the level of Trust permission for the applications.

    Permission

    Description

    Example Use

    Application cannot execute external processes

    Applications cannot access any external processes or start any other applications

    Use when you want to allow standalone applications to run on endpoints but prevent access to other processes

    For example, this setting allows Microsoft Word to run but prevents embedded OLE objects from executing.

    Application can execute other processes

    Applications can start external processes and applications that users are unable to access directly

    Use when you want to allow applications to run on endpoints and still allow access to required child processes or add-ons.

    For example, this setting allows Internet Explorer to run and also allows Internet Explorer to execute any installed plug-ins.

    Inheritable execution rights (not recommended)

    Applications can install and start external processes and applications, and the child applications can also install and start external processes and applications

    Use when you want to allow installation packages to execute on the endpoint

    Inheritable execution rights (not recommended) allows the installation package to perform all installation tasks and then also allows the installed application to run all required processes.
  5. Select the Match method used to identify applications and configure required settings.

    Method

    Description

    Application Reputation List

    Allows you to apply the criteria to applications that Trend Micro has tested and assigned a security score for

    For more information, see Application Reputation List.

    File paths

    Allows you to apply the criteria to any application installed in the specified location

    For more information, see File Paths.

    Certificates

    Allows you to apply the criteria to applications based on certificate validity and certificate attributes

    For more information, see Certificates.

    Hash values

    Allows you to apply the criteria to applications based on SHA-1 or SHA-256 hash values

    For more information, see Hash Values.

    Gray Software List

    Allows you to include applications to the criteria that Trend Micro has tested and found to be potentially harmful

    The Gray Software List is a subset of the Application Reputation List and contains applications that may be malicious if not used properly. Trend Micro recommends blocking or monitoring applications in the Gray Software List to ensure that your network remains secure.
  6. Click Save.
Parent topic: Application Control Criteria