App Control: How to Enable Bans from Event Rules

By Jared Pillsbury posted Feb 06, 2015 05:57 PM

  

Environment

  • App Control: All Supported Versions

Objective

  • Enabling the ability to ban malicious files using Event Rules in App Control console

Resolution

  • Disclaimer: Using this feature may result in the banning of a file that has been deemed malicious by our CDC but is in use in your environment (false positive).

With App Control Console access:
  1. Log in to the App Control Console
  2. Navigate to https://<YourAppControlServerName>/shepherd_config.php
  3. Locate the Config – AllowBansFromEventRules
  4. Set the value to 'true' and click save (**Value is case sensitive**)
  5. Navigate to Rules > Event Rules
  6. Click on ‘Create Event Rule’ and verify that the radio button for ‘Ban’ is available

If the Agent Config property for "AllowBansFromEventRules" isn't there, please perform the following steps:
  1. Log in to SQL Management Server
  2. Run the following query:

use das
GO
exec dbo.UpdateShepherdConfig 'AllowBansFromEventRules', 'true'

  3. Log in to the App Control Console
  4. Navigate to Rules > Event Rules
  5. Click on ‘Create Rule’ and verify that the radio button for ‘Ban’ is available


