Environment
- App Control Server: All Supported Versions
- App Control Agent: All Supported Versions
Question
What Are The Best Ways to Identify and Mitigate Unwanted Software in My Environment?
Answer
- Identify:
- Create a baseline report with a "pristine" computer to help measure software drift. (Reference the User Guide for your version for more information).
- Search for commonly known software that does not fit your usage policy (Steam, iTunes, Spotify, BitTorrent, etc...) in your file catalogue).
- Mitigate:
- Run high enforcement policies to block unapproved software.
- Create Execution Block rules for application executables.
- Unapprove or Ban certificates of software you wish to block.
- Disable or adjust the Reputation based approval setting to limit what gets automatically approved.
Additional Notes
- The "pristine" computer should be a reflection of what you want computers in that policy/drift report to look like software wise.
- Creating and enforcing an approval pipeline for software will help drastically in controlling what software runs in your environment.
- Manually setting an approval or ban on a certificate/file will override the Reputation approval setting.
Related Content
