DriveLock Application Control

Category: Use Case 
Module: Application Control
Test time: 30 min

This use case will show you how to work with DriveLock Application Control.

1. What is the use case about?

DriveLock Application Control provides forward-thinking protection against both known and unknown threats.
Ransomware or malware will no longer have a chance to disrupt your business processes and destroy files or important documents. Even zero-day exploits will no longer be able to cause damage.

DriveLock protects against malware by reversing the principle of a virus scanner: Only applications that are allowed can run. Malware is blocked, no matter whether it is known or unknown.
DriveLock provides easy and automatic whitelist maintenance by offering the option to integrate client and patch management systems. For manual software installations, a learning mode is available.

 

2. How does it affect your client computer?

The DriveLock Agent performs an initial scan of the entire system and creates a local whitelist. After completing this scan, the device is 'sealed' and only the applications that are on this whitelist are allowed to run. In addition, DriveLock creates several other rules which also include self-learning features; they do not require manual maintenance. These rules contain:

  • Application rules: Blacklisting and/or whitelisting defines which applications can be executed and which will be blocked. 

  • Application behavior rules: These rules determine what permissions applications are given, what directories applications are allowed to write to, or what processes they are allowed to start. By recording application behavior via remote agent control, application behavior rules can be automatically generated.

  • Local learning: This can be performed on the DriveLock agent itself to determine what is allowed by application control.

If a user tries to run an application that is not included in any application control rule, a pop-up window opens, informing the user that this application has been blocked.

In case a user needs to install a new application, for example, you can temporarily unlock the protection of the client computer.

Learn more about temporarily unlocking agents here.

 

3. How to monitor the results in the DOC?

You can create your own Application Control dashboard or use the template, which presents clearly arranged information.


We also provide a template you can use to create reports. They can be exported to PDF, sent via email and/or downloaded.

 

4. Add more applications to the global whitelist

Blocking an application generates a result with various parameters, such as file path and hash value. These parameters can then be used to create a whitelist rule for this application. This is possible using the file path and hash value parameters, but also the application's certificates.
To obtain these parameters, go to either Analytics > Events or Inventory > Software > Binaries in the menu. There you can right-click the process blocked event or the binary and select Create application rule.


In the first step, set the rule name and rule type.


In the next step, you can select and edit the parameters that were taken over from the event.


After finishing the rule, the application from this event is allowed to run according to the selected parameters (e.g. file path or certificate).
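
The choice between the file path and hash value parameters decides what the finished rule keeps matching. The following is an added example, not DriveLock code and not its rule format: a generic default-deny evaluator in which `Rule`, `is_allowed` and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    path: Optional[str] = None    # full file path, compared exactly
    sha256: Optional[str] = None  # hex digest of the file contents


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_allowed(path: str, rules: list) -> bool:
    """Default deny: allow only if every parameter set on some rule matches."""
    digest = sha256_of(path)
    for r in rules:
        if r.path is None and r.sha256 is None:
            continue  # a rule with no parameters must not match everything
        if r.path is not None and os.path.normcase(r.path) != os.path.normcase(path):
            continue
        if r.sha256 is not None and r.sha256.lower() != digest:
            continue
        return True
    return False


def demo():
    """Constructed sample: one file, rules built from its 'blocked' event."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "tool.exe")
        with open(exe, "wb") as f:
            f.write(b"version 1")
        event = {"path": exe, "sha256": sha256_of(exe)}  # parameters from the event
        path_rule = Rule("tool by path", path=event["path"])
        hash_rule = Rule("tool by hash", sha256=event["sha256"])
        before = (is_allowed(exe, [path_rule]), is_allowed(exe, [hash_rule]))
        with open(exe, "wb") as f:
            f.write(b"version 2")  # contents change, e.g. a software update
        after = (is_allowed(exe, [path_rule]), is_allowed(exe, [hash_rule]))
        return before, after, is_allowed(exe, [])
```

In this model a hash rule stops matching as soon as the file changes and has to be recreated after an update, while a path rule keeps allowing whatever is stored at that path, so path rules belong on locations that standard users cannot write to.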