Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How does Local Approval differ from Low Enforcement policy?

App Control: How does Local Approval differ from Low Enforcement policy?

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Question

How does Local Approval differ from Low Enforcement policy?

Answer

Low Enforcement:

  • When you are not concerned about unknown files and only need to block files that you have specifically created a File Ban Rule for: use Low Enforcement. 
  • Low Enforcement, by default, will enforce banned files while allowing users to install software that is either Approved or Unapproved (neither banned nor approved).
  • Although unapproved files are permitted to execute, you can monitor them and respond with Emergency Lockdown if necessary.
  • Low Enforcement is available to any Policy with the Mode, Control.

Local Approval:

  • Local Approval is reserved for system use, and cannot be chosen directly when creating a Policy, regardless of Mode.
  • This Enforcement Level instructs the Agent to issue Local Approvals of any new software, even for computers otherwise under High Enforcement.
  • While in Local Approval the only active Device Control settings are: Block writes to banned removable devices and Block executes from banned removable devices.

Additional Notes

  • Moving an Agent into Local Approval will require a Full Suite License (Visibility and Control). Environments with only a Visibility License cannot use Local Approval.
  • More details about Local Approval can be found in the User Guide chapter, "Approving and Banning Software".

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
1829
Contributors