Trusted Applications

Trusted Applications Management

Trusted applications group (or applications white list) is a list of applications collected by the specified conditions from the selected station or station group. This applications will be allowed to run on all stations of the anti-virus network on which they are added to the profile of the Application Control component operating in the allow mode.

Collection of information required to form a group of trusted applications is a demanding procedure, which, based on specified conditions, can have a significant impact on involved computer's performance. In order to reduce load on anti-virus network workstations, information shall be collected using one or several reference workstations, i.e. computers deliberately assigned with this task. An ideal candidate for this job would be a computer with newly installed operating system, latest updates and all the required software.

To manage trusted applications on Servers collecting the information, open the Administration → Application Control → Trusted applications section.

The section table contains the list of all actual trusted applications groups.

The following control buttons are available on the toolbar:

icon-new-add Create trusted applications group

icon-refresh Reload creation of trusted applications group

icon-new-delete Delete trusted applications group

To create a new trusted applications group

1.In the Trusted applications section, click icon-new-add Create trusted applications group on the toolbar.

2.In the General windows, specify the following settings:

Group name—the name of creating trusted applications group.

Description—optional arbitrary description of creating group.

Click Next.

3.In the Parameters for adding applications to trusted window, set the following settings according to which applications at stations will be added to the creating group of trusted applications (at least one setting must be selected in each category):

Search scope—set the flags for the areas where the information on applications will be collected.

info

You can specify several paths for the Search by specified paths option to search the applications. Use ";" as a separator.

Type of hashes to add—set the flags for objects whose hashes will be written into creating group of trusted applications.

File categories—set the flags for objects that will be considered during search.

Click Next.

4.In the network tree, select stations and station groups to collect information on applications for the trusted list. To select several groups and stations, use ctrL and shift.

Set the Do not consider nested groups flag to collect information on stations only in the selected group. If the flsg is cleared, information will be collected on all stations in the selected group and its subgroups.

5.Click Save.

6.The collection of information about applications at the stations will start according to the settings specified. The process may take a long time to complete.

Information on the state and updates of trusted application group you can find:

in the general table of the Trusted applications section,

in the additional information on group that is opened when clicking the group row in the general table of the Trusted applications.

warning

Information about applications is collected within a current session on involved workstation. If the collection process is not yet complete and the workstation shuts down or restarts, the whole operation will start from the beginning once the workstation is back on. Partially collected information about applications is not saved.

To start the update of trusted applications group

1.In the Trusted applications section table, set the flags for the groups you want to update.

2.Click icon-refresh Reload creation of trusted applications group on the toolbar.

To delete trusted applications group

1.In the Trusted applications section table, set the flags for the groups you want to delete.

2.Click icon-new-delete Delete trusted applications group on the toolbar.

3.Applications of this group will be removed from the list of allowed to run at stations, and collecting applications for the list of trusted by conditions of this group will be stopped.

warning

You cannot delete the group of trusted applications assigned to profiles of Application Control.

 

When you delete the trusted applications group, a new revision is created in the repository for the Trusted applications product, and it is propagated on the neighbor Servers. At this, the Control Application profiles for which this group is assigned on neighbor Servers may not function properly.

To remove information about applications on a certain station from the trusted applications group

1.In the Trusted applications section table, click the line with the applications group from which you want to remove the information about applications on station.

2.In the opened window, in the stations table, set the flags for stations for which you want to remove information about applications.

3.Click icon-new-delete Delete selected stations on the toolbar.

info

When removing all stations, the trusted applications group will be deleted.

Trusted Applications Repository

info

When configuring the allow mode for the Application Control profile, the trusted applications group are selected from the list of groups available in the repository for the Trusted applications product.

If your anti-virus network running several Dr.Web Servers under interserver connection, to facilitate the collection of information, it is possible to distribute the load between your Servers as follows:

Administrator collects information from protected stations on one of the Servers. Information automatically placed into the Server repository in the Trusted applications product and propagated via interserver connection according to the specified settings.

Information on trusted applications may be collected on several Servers of the network, but network segments served by these Servers must be isolated from each other.

Other Servers get the Trusted applications product update via interserver connection according to the specified settings. You do not need to configure trusted applications collecting on these Servers, because revisions of the product received from the neighbor Server will be placed in the repository.

info

The Trusted applications product is not updated from GUS. This product is propagated only between neighbor Servers via interserver connection.

Before collecting Trusted applications, define which Servers will collect information and send it to neighbor Servers, and which—receive it via interserver connection. Depending on this, you must configure corresponding settings on each of the Servers.

To configure Servers collecting and sending trusted applications

1.Open the Administration section.

2.Go to the Detailed repository configuration → Trusted applications section.

3.On the Synchronization tab, clear the Prevent sending updates to neighbor Servers flag and set the Prevent receiving updates from neighbor Servers flag.

4.Click Save.

5.Go to the Administration → Application Control → Trusted applications section and configure collecting of trusted applications as described below.

6.New revision of the Trusted applications product is written to the repository after receiving information from all stations specified in the settings for collecting group of trusted applications. After writing the product revision to the repository, it is propagated via interserver connection to the neighbor Servers.

To configure Servers receiving trusted applications

1.Open the Administration section.

2.Go to the Detailed repository configuration → Trusted applications section.

3.On the Synchronization tab, clear the Prevent receiving updates from neighbor Servers flag.

If the Server should send the Trusted applications product to other Servers via interserver connection, also clear the Prevent sending updates to neighbor Servers flag.

4.Click Save.