Reference Guide
Security Management Server Virtual v10.2.10 AdminHelp
201
Incorrect: \Program Files\Dell\
Spaces only must be escaped on Mac
-based exclusions.
Application Control
Application
Control
Not Selected
Selected
Not Selected
If Selected, specified devices are locked down,
restricting any changes. Only applications that exist on a
device before the
lock-down are allowed to execute on th
at
device. Any new applications, as well as changes to the
executables of ex
isting applications, are denied. The
Advanced Threat Prevention agent up
dater is also disabled.
Additionally, certain File Action, Memory Act
ion, and
Execution Control policies are
automatically set. These
policies may be changed after they are automatical
ly set,
without disabling Application Control. See Policies Set by
Application Co
ntrol for a list of policies that are
au
tomatically set when the Application Control policy is
Selected.
To exclude
specific folders from lockdown, specify the
folders in the Application Control Allowed Folders policy.
Application
Control Allowed
Folders
String
String
Specify folders to be excl
uded from Application Control
lockdown.
Enable Change
Window
Not Selected
Selected
Not Selected
If selected, Application Control is temporarily di
sabled
to allow, edit, and run new applications or perform
updates. This includes updating the Advanced Threa
t
Prevention agent. After performing the necessary changes,
deselect Enable
Change Window.
Note:
Enable Change Window retains changes made to
Appli
cation Control. Deselecting Application Control and
resetting back to Selected resets Application Control to
default values.
This policy does not apply to Mac clients.
Script Control
Script Control
Not Selected
Selected
Not Selected
If Selected, Script
Control protects devices by blocking
malicious scripts from running.
Note:
Script Control is currently only available for
PowerShell and Active Scripts.
Script Control
Mode
Alert
Alert
Block
Alert mon
itors scripts running in the environment.
Recommende
d for initial deployment.
Block allows scripts to run only from specific folders.
This should be used only af
ter testing in Alert mode.
Active Script Alert
Alert
Block
Alert monitor
s Active Scripts running in the environment.
Recommended for initial dep
loyment.
Block allows Active Scripts
to run only from specific
folders. This should be used only after testin
g in Alert
mode.
Macros
Alert
Alert