Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Enterprise

211

212

213

214

215

216

217

218

219

220

Security Management Server Virtual v10.2.11 AdminHelp

Incorrect: \Program Files\Dell\

Spaces only must be escaped on Mac

-based exclusions.

Application Control

Application

Control

Not Selected

Selected

Not Selected

If Selected, specified devices are locked down,

restricting any changes. Only applications that exist on a

device before the lock

down are allowed to execute on that

device. Any new applications, as well as changes to th

executables of existing applications, are denied. The

Advanced Threat Prevention agent updater is also disabled.

Additionally, certain File Action, Memory Action, and

Execution Control policies are automatically set. These

policies may be changed after t

hey are automatically set,

without disabling Application Control. See Policies Set by

Application Control

for a list of policies that are

automatically set when the Application Control policy is

lected.

To exclude specific folders from lockdown, specify the

folders in the Application Control Allowed Folders policy.

Application

Control Allowed

Folders

String

Specify folders to be excluded from Application Control

lockdown.

Enable Change

Window

Not Selected

Selected

Not Selected

If selected, Application Control is temporarily disabled

to allow, edit, and run new applications or perform

updates. This includes updating the Advanced Threat

Prevention agent. After performing the necessary change

deselect Enable Change Window.

Note:

Enable Change Window retains changes made to

Application Control. Deselecting Application Control and

resetting back to Selected resets Application Control to

default values.

This policy does not apply to Mac clients

Script Control

Not Selected

Selected

Not Selected

If Selected, Script Control protects devices by blocking

malicious scripts from running.

Note:

Script Control is currently only available for

PowerShell and Active Scripts.

Script Control

Mode

Alert

Block

Alert monitors scripts running in the environment.

Recommended for initial deployment.

Block allows scripts to run only from specific folders.

This should be used only after testing in Alert mode.

Active Script Alert

Alert

lock

Alert monitors Active Scripts running in the environment.

Recommended for initial deployment.

Block allows Active Scripts

to run only from specific

folders. This should be used only after testing in Alert

mode.

Macros

Alert

201