Reference Guide
Security Management Server v10.2.7 AdminHelp
Application Control
Default: Not Selected
Values: Selected, Not Selected
If Selected, specified devices are locked down, restricting any changes. Only
applications that exist on a device before the lock-down are allowed to
execute on that device. Any new applications, as well as changes to the
executables of existing applications, are denied. The Advanced Threat
Prevention agent updater is also disabled.
Additionally, certain File Action, Memory Action, and Execution Control
policies are automatically set. These policies may be changed after they are
automatically set, without disabling Application Control. See Policies Set by
Application Control for a list of policies that are automatically set when the
Application Control policy is Selected.
To exclude specific folders from lockdown, specify the folders in the
Application Control Allowed Folders policy.
IMPORTANT: Specify the following folder in the Application Control Allowed
Folders policy when running Data Guardian Protected Office mode with this
policy Selected: C:\Users\<Username>\AppData\Local\assembly\tmp
This policy does not apply to Mac clients.

Application Control Allowed Folders
Default: String
Values: String
Specify folders to be excluded from Application Control lockdown.
IMPORTANT: Specify the following folder in this policy when running Data
Guardian Protected Office mode with the Application Control policy Selected:
C:\Users\<Username>\AppData\Local\assembly\tmp

Enable Change Window
Default: Not Selected
Values: Selected, Not Selected
If Selected, Application Control is temporarily disabled so that new
applications can be allowed, edited, and run and updates can be performed.
This includes updating the Advanced Threat Prevention agent. After making
the necessary changes, deselect Enable Change Window.
Note: Enable Change Window retains changes made to Application Control.
Deselecting Application Control and resetting back to Selected resets
Application Control to default values.
This policy does not apply to Mac clients.

Script Control

Script Control
Default: Not Selected
Values: Selected, Not Selected
If Selected, Script Control protects devices by blocking malicious scripts from
running.
Note: Script Control is currently only available for PowerShell and Active
Scripts.
This policy does not apply to Mac clients.

Script Control Mode
Default: Alert
Values: Alert, Block
Alert monitors scripts running in the environment. Recommended for initial
deployment.
Block allows scripts to run only from specific folders. This should be used only
after testing in Alert mode.
This policy does not apply to Mac clients.

Active Script
Default: Alert
Values: Alert, Block
Alert monitors Active Scripts running in the environment. Recommended for
initial deployment.
Block allows Active Scripts to run only from specific folders. This should be
used only after testing in Alert mode.
This policy does not apply to Mac clients.
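
Before moving Script Control Mode from Alert to Block, it helps to preview which alerted scripts fall outside the folders you plan to approve. The following is an added example, not part of the AdminHelp or the product's code: the sample paths, the `C:\Scripts` folder and the matching rule (absolute folders, subfolders included, case-insensitive, whole-segment comparison) are assumptions of this sketch.

```python
from collections import Counter
from pathlib import PureWindowsPath

def normalize(path):
    """Fold case and resolve '..' lexically; returns (anchor, segment, ...)."""
    p = PureWindowsPath(path)
    segments = []
    for seg in (p.parts[1:] if p.anchor else p.parts):
        if seg == "..":
            if segments:
                segments.pop()      # never climb above the drive root
        else:
            segments.append(seg.lower())
    return (p.anchor.lower(), *segments)

def in_allowed_folder(script, allowed_folders):
    """True if script sits inside (not merely next to) an approved folder."""
    s = normalize(script)
    for folder in allowed_folders:
        f = normalize(folder)
        # Compare whole segments so C:\Scripts does not also approve C:\Scripts2.
        if len(s) > len(f) and s[:len(f)] == f:
            return True
    return False

def block_mode_preview(alert_paths, allowed_folders):
    """Count, per normalized path, the alerted scripts Block mode would stop."""
    blocked = Counter()
    for path in alert_paths:
        if not in_allowed_folder(path, allowed_folders):
            anchor, *segments = normalize(path)
            blocked[anchor + "\\".join(segments)] += 1
    return dict(blocked)

# Constructed sample: script paths as they might be exported from Alert-mode events.
SAMPLE_ALERTS = [
    r"C:\Scripts\Deploy\install.ps1",
    r"c:\scripts\deploy\INSTALL.PS1",
    r"C:\Scripts2\tool.ps1",
    r"C:\Scripts\..\Users\Public\run.vbs",
    r"C:\Users\Public\run.vbs",
]
APPROVED = [r"C:\Scripts"]   # hypothetical approved folder

if __name__ == "__main__":
    for path, hits in sorted(block_mode_preview(SAMPLE_ALERTS, APPROVED).items()):
        print(f"{hits:3d}  {path}")
```

Paths that only share a name prefix with an approved folder, or that leave it through `..`, are reported as blocked, which is the behaviour to verify against real Alert-mode data before switching modes.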