Views:
Configure Application Control criteria that you can then assign to Security Agent policy rules. You can create Allow and Block criteria to limit the applications that users can execute or install on protected endpoints. You can also create assessment criteria to monitor the applications executing on endpoints and then refine the criteria based on the usage results.
Important
Important
  • You must configure Application Control criteria before deploying an Application Control policy to Trend Vision One Endpoint Security agents.
  • To minimize potential impact on critical system operations, Application Control does not monitor or block applications (for example, cmd.exe or powershell.exe) located in the system32 folder on Windows platforms.
    If a system issue occurs due to a blocked application process, first check your Application Control settings.
The following table outlines the tasks available on the Application Control Criteria screen.
Task
Description
Add criteria
Click the Add Criteria drop-down button and select from the following options:
  • Allow: Click to define Allow or Lockdown criteria
    For more information, see Defining Allowed Application Criteria.
  • Block: Click to define Block or Assessment criteria
    For more information, see Defining Blocked Application Criteria.
  • Copy: Select an existing criteria and click Copy to define new criteria based on the existing settings
  • Import: Click to select a ZIP package exported from a compatible Application Control source
    Note
    Note
    If the imported package contains criteria names that match preexisting criteria, you have the option to Overwrite existing criteria or Skip the import of the criteria with duplicated names.
Export criteria
Select the check box to the left of existing criteria and click Export to save the selected criteria to a ZIP package (<timestamp>_iACRuleExport.zip)
Delete criteria
Select the check box to the left of existing criteria and click Delete to remove the selected criteria from the list
WARNING
WARNING
If you selected criteria used by existing Apex One Security Agent policies, you must confirm that you want to delete and remove the criteria from all affected Security Agent policies. You cannot undo this action.
Modify criteria
Click a Criteria Name to modify the criteria settings
Note
Note
Affected endpoints receive modified criteria settings the next time the Trend Vision One Endpoint Security agents connect to the server.
View policy associations
Click the value in the Target Policies column to display a list of all Apex One Security Agent policies that implement the criteria.
Tip
Tip
Click a policy name to open a new browser tab on which you can view or modify the policy settings.
Related information