Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How to Enable Bans from Event Rules

App Control: How to Enable Bans from Event Rules

Environment

  • App Control: All Supported Versions

Objective

  • Enabling the ability to ban malicious files using Event Rules in App Control console

Resolution

  • Disclaimer: Using this feature may result in the banning of a file that has been deemed malicious by our CDC but is in use in your environment (false positive

With App Control Console access:
  1. Login to the App Control Console
  2. Navigate to https:\\<YourAppControlServerName>\shepherd_config.php
  3. Locate the Config – AllowBansFromEventRules
  4. Set the value to 'true' and click save (**Value is case sensitive**)
  5. Navigate to Rules > Event Rules
  6. Click on ‘Create Event Rule’ and verify that the radio button for ‘Ban’ is available

If the Agent Config property for "AllowBansFromEventRules" isn't there, please perform the following steps:
  1. Login to SQL Management Server
  2. Run the following query:

use das
GO
exec dbo.UpdateShepherdConfig 'AllowBansFromEventRules', ‘true'

   3. Login to the App Control Console

   4. Navigate to Rules > Event Rules

   5. Click on ‘Create Rule’ and verify that the radio button for ‘Ban’ is available


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎02-06-2015
Views:
1073
Contributors