Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: What Are The Best Ways to Identify and Mitigate Unwanted Software in My Environment?

App Control: What Are The Best Ways to Identify and Mitigate Unwanted Software in My Environment?

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Question

What Are The Best Ways to Identify and Mitigate Unwanted Software in My Environment?

Answer

  • Identify:
    • Create a baseline report with a "pristine" computer to help measure software drift. (Reference the User Guide for your version for more information).
    • Search for commonly known software that does not fit your usage policy (Steam, iTunes, Spotify, BitTorrent, etc...) in your file catalogue).
  • Mitigate:
    • Run high enforcement policies to block unapproved software.
    • Create Execution Block rules for application executables.
    • Unapprove or Ban certificates of software you wish to block.
    • Disable or adjust the Reputation based approval setting to limit what gets automatically approved.

Additional Notes

  • The "pristine" computer should be a reflection of what you want computers in that policy/drift report to look like software wise.
  • Creating and enforcing an approval pipeline for software will help drastically in controlling what software runs in your environment.
  • Manually setting an approval or ban on a certificate/file will override the Reputation approval setting.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
1105
Contributors