
Application Control is basically a policy-based whitelist of applications. In short, the whitelist contains the fingerprints of all applications, their associated DLLs and so on that are allowed to run on your computer. All undefined applications, and even other versions of the allowed ones, simply cannot run.
Such technology is often considered very time-consuming to manage. And it is indeed, if you were for instance to build your own whitelist using the technology and policies integrated in Windows. So here is where the fun starts:
After installation of the McAfee Application Control software on an endpoint, the software starts to create an index of all executables, registry, DLLs and other related files that are already on the endpoint. It basically takes a snapshot of the current state the endpoint is in. Once this baseline is built, the software can be activated. Afterwards, apart from what is on the whitelist, only file executions that are specifically allowed by policy can run.
An example of a possible policy would be to define a certain executable as an updater, for instance the SMS client. That executable is then allowed to apply changes to the snapshot, so it can basically update the whitelist. Other examples are to allow a certain user to make changes, or to allow undefined executables to run only from a certain directory.
If you think about it, the way computers are often managed in an enterprise environment (a golden image and then a deployment tool for changes) can be the blueprint for your application control configuration, and afterwards your computers do exactly what they are meant for and nothing else.
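To make the snapshot, updater and directory rules concrete, here is a simplified model of the idea, added as an illustration; it is not McAfee's code or interface, and the names `AppControl`, `snapshot`, `may_run`, `write` and the sample files are hypothetical:

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

class AppControl:
    def __init__(self, updaters=(), trusted_dirs=()):
        self.baseline = {}  # resolved path -> SHA-256 taken at snapshot time
        self.updaters = set(updaters)
        self.trusted_dirs = [Path(d).resolve() for d in trusted_dirs]

    def snapshot(self, root):
        for p in Path(root).resolve().rglob("*"):
            if p.is_file():
                self.baseline[p] = fingerprint(p)

    def may_run(self, path):
        p = Path(path).resolve()
        if any(d in p.parents for d in self.trusted_dirs):
            return True  # directory rule: undefined files may run from here
        return p.is_file() and self.baseline.get(p) == fingerprint(p)

    def write(self, actor, path, data):
        p = Path(path).resolve()
        p.write_bytes(data)
        if actor in self.updaters:  # only an updater's change reaches the whitelist
            self.baseline[p] = fingerprint(p)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        apps, tools = Path(tmp, "apps"), Path(tmp, "tools")
        apps.mkdir(); tools.mkdir()
        editor = apps / "editor.exe"
        editor.write_bytes(b"editor v1")  # constructed sample "golden image"
        ac = AppControl(updaters={"sms_client"}, trusted_dirs=[tools])
        ac.snapshot(apps)
        out = {"baseline": ac.may_run(editor)}
        ac.write("user", apps / "new.exe", b"dropped later")
        out["undefined"] = ac.may_run(apps / "new.exe")
        ac.write("user", editor, b"editor v1 modified")
        out["other_version"] = ac.may_run(editor)
        ac.write("sms_client", editor, b"editor v2")
        out["after_updater"] = ac.may_run(editor)
        ac.write("user", tools / "anything.exe", b"not in snapshot")
        out["trusted_dir"] = ac.may_run(tools / "anything.exe")
        return out
if __name__ == "__main__": print(demo())
```

In this model the `trusted_dir` result is `True` for a file that was never in the snapshot, so a directory rule is only as tight as the write permissions on that directory.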
Supported Platforms for Application Control are:
(Windows x86)
- Windows NT 4.0 - Workstation, Server, Terminal Edition with SP6a (not supported with ePO)
- Windows 2000 - Advanced Server, Server, Professional Editions with SP4 Rollup1
- Windows XP - Professional Edition with SP0, SP1, SP2, SP3
- Windows 2003 Server - Enterprise, Standard, Web Editions with SP1, SP2
- Windows Vista - Business Edition with SP1
- Windows 7
- Windows 2008 Server - Enterprise and Standard Editions with SP1, SP2
- Windows XPE
- Windows Embedded Point of Service (WEPOS)
- Windows Embedded Standard 2009
- Windows Embedded POS Ready 2009
(Windows x64)
- Windows XP Professional Edition (AMD64) with SP1, SP2
- Windows 2003 Server Enterprise Edition (IA64/AMD64) with SP1, SP2
- Windows Vista - Business Edition (AMD64) with SP1
- Windows 7
- Windows 2008 Server - Enterprise and Standard Editions (AMD64) with SP1, SP2
- Windows 2008 Server Core (AMD64) with SP1
- Windows Server 2008 R2
(Other)
- Red Hat Enterprise Linux 3/4/5
- CentOS 4/5
- SUSE Enterprise Linux 9/10
- Oracle Enterprise Linux 5
- Solaris 8/9/10