Reference Guide
Security Management Server v10.2.10 AdminHelp
Incorrect: \Program Files\Dell\
Spaces only must be escaped on Mac-based exclusions.
Application Control
Application Control
Not Selected
Selected
Not Selected
If Selected, specified devices are locked down, restricting any changes. Only applications that exist on a device before the lockdown are allowed to execute on that device. Any new applications, as well as changes to the executables of existing applications, are denied. The Advanced Threat Prevention agent updater is also disabled.
Additionally, certain File Action, Memory Action, and Execution Control policies are automatically set. These policies may be changed after they are automatically set, without disabling Application Control. See Policies Set by Application Control for a list of policies that are automatically set when the Application Control policy is Selected.
To exclude specific folders from lockdown, specify the folders in the Application Control Allowed Folders policy.
Application Control Allowed Folders
String
String
Specify folders to be excluded from Application Control lockdown.
Enable Change
Window
Not Selected
Selected
Not Selected
If selected, Application Control is temporarily disabled to allow, edit, and run new applications or perform updates. This includes updating the Advanced Threat Prevention agent. After performing the necessary changes, deselect Enable Change Window.
Note: Enable Change Window retains changes made to Application Control. Deselecting Application Control and resetting back to Selected resets Application Control to default values.
This policy does not apply to Mac clients.
Script Control
Script Control
Not Selected
Selected
Not Selected
If Selected, Script Control protects devices by blocking malicious scripts from running.
Note: Script Control is currently only available for PowerShell and Active Scripts.
Script Control Mode
Alert
Alert
Block
Alert monitors scripts running in the environment. Recommended for initial deployment.
Block allows scripts to run only from specific folders. This should be used only after testing in Alert mode.
Active Script
Alert
Alert
Block
Alert monitors Active Scripts running in the environment. Recommended for initial deployment.
Block allows Active Scripts to run only from specific folders. This should be used only after testing in Alert mode.
Macros
Alert
Alert