Environment
- App Control: All Supported Versions
Objective
- Enabling the ability to ban malicious files using Event Rules in App Control console
Resolution
- Disclaimer: Using this feature may result in the banning of a file that has been deemed malicious by our CDC but is in use in your environment (false positive
With App Control Console access:
- Login to the App Control Console
- Navigate to https:\\<YourAppControlServerName>\shepherd_config.php
- Locate the Config – AllowBansFromEventRules
- Set the value to 'true' and click save (**Value is case sensitive**)
- Navigate to Rules > Event Rules
- Click on ‘Create Event Rule’ and verify that the radio button for ‘Ban’ is available
If the Agent Config property for "AllowBansFromEventRules" isn't there, please perform the following steps:
- Login to SQL Management Server
- Run the following query:
use das GO exec dbo.UpdateShepherdConfig 'AllowBansFromEventRules', ‘true'
|
3. Login to the App Control Console
4. Navigate to Rules > Event Rules
5. Click on ‘Create Rule’ and verify that the radio button for ‘Ban’ is available