Javascript must be enabled to download our products and perform other essential functions on the website.

ionicons-v5-m
ionicons-v5-j
Buy Now Download Free Trial
ionicons-v5-m
ionicons-v5-f

Trusted Applications

Making sure that only safe and vetted applications run is one of the best ways to secure servers and end-used computers from many kinds of malware. This feature is sometimes called application whitelisting, application allow listing or even application locker. We call it Trusted Applications.

With the Trusted Applications feature, you define rules about which processes can be run, by whom, and even which files can be read by those applications (to optionally allow scripts to run in very specific situations you might have).

The rules can take into account:

  • Path of file/executable being accessed
  • Path of process accessing the file/executable
  • Digital signer or the file and/or process
  • Is the path to a cloud drive or external drive
  • User account making the request
  • User's group membership
  • Is file, user or digital signer in various lists

The rules are easy to write because they can refer to various lists of files, folders, product companies (application signers), users, etc. Just a few rules can quickly create a large amount of safety for many systems.

Handling the exceptional cases is easy too (example: it's simple to add the one-off application that needs to run in the Finance department).

Trusted Applications rules can be used on servers, as well as client computers via the optional Endpoint.

See some default rules below to see how easy they are to define:

Allow trusted files and apps from trusted companies
(PROCESS_SIGNED_BY_TRUSTED = True) OR (FILE_SIGNED_BY_TRUSTED = True)
Apps from Trusted Application list can run
PROCESS_IS_TRUSTED_APP = True
Disable access to cloud folders (deny rule)
FILE_PATH_IN_CLOUD_FOLDER = True
Full Access Users can access anything
USER_IS_FULL_ACCESS = True
Only allow Powershell scripts from the Windows folder
(FILE_PATH != "%WINDIR%*") AND (FILE_IS_TEXT_FILE = True) AND (PROCESS_PATH = "*Powershell.exe")
Prevent Command Host files, unless an Administrator or Trusted Application
(FILE_IS_COMMAND_HOST = True) AND NOT ((PROCESS_IS_TRUSTED_APP = True) OR ((USER_GROUPS = "*,Administrators,*") OR (USER_GROUPS = "*,Domain Administrators,*")))
Stop trusted app from launching or reading a non-trusted app (deny rule)
(((PROCESS_IS_TRUSTED_APP = True) OR (PROCESS_SIGNED_BY_TRUSTED = True)) AND (PROCESS_IS_COMMAND_HOST = False)) AND ((FILE_IS_EXECUTABLE = True) AND (FILE_SIGNED_BY_TRUSTED = False))

Insanely efficient to set up.

Glenn M., Cogent Consulting, USA ionicons-v5-b