Allow Mode |
Allow mode means that on all monitored stations, only applications from the Trusted applications list and applications that comply with the allow rules are allowed to run. All other applications are blocked. Allow Mode can be enabled even if only allow rules are enabled. In this case, it works as a complement for functional analysis allowing launching of certain applications from the denied list. For example, if launching applications from network and shared resources is prohibited in functional analysis criteria, but, at the same time, running specific application is allowed in allow rules, than this application will be launched while other applications are still blocked. Allow rules and trusted applications can be configured under the Allow mode tab in profile properties. To use allow mode 1.Set the Use allow mode flag on the Allow mode tab. 2.Specify the settings in at least one of its sections: 3.Click Save.
Allow rules are configured in the Allow mode → Allow rules section of the profile properties. To create a new allow rule 1.In the Allow rules section, click 2.In Adding rule windows, specify Rule name and click Save. 3.In the rule list, select created rule and specify its settings on the opened properties pane: a)Set the Enable rule flag to start using this rule. b)If you want to check the rule operation, set the Switch rule to test mode flag. Applications will not be controlled at stations, but the activity log will be written as for enabled settings. Application launch and block results based on a rule in test mode will be displayed in the Application Control Events section. c)In the Allow the launch of applications on the following criteria section, select options according to which the applications launch at stations will be allowed.
4.Click Save. To create a duplicate of allow rule 1.In the Allow rules section, in the rules table, select the rule you want to duplicate for this profile. 2.Click 3.The new rule will appear in the rules table; its settings will be completely copied from the rule selected on step 1. The number 1 is added to the rule name. To delete a deny rule 1.In the Allow rules section, in the rules table, select the rule you want to remove from this profile. 2.Click To use trusted applications, perform one of the following actions: •If trusted applications will be collected at your Dr.Web Server (see also Trusted Applications Repository), enable collecting of trusted applications in the Administration → Application Control → Trusted applications section of the Control Center. •If trusted applications will be received on your Dr.Web Server via interserver connection from the neighbor Dr.Web Server, specify corresponding settings in the repositories of Dr.Web Servers sending and receiving the Trusted applications product. Trusted applications of a certain profile are configured in the Allow mode → Trusted applications section of the profile preferences. The section table contains the list of all trusted applications groups assigned to this profile. Trusted applications group (or applications white list) is a list of applications collected by the specified conditions from the selected station or station group. This applications will be allowed to run on stations of the anti-virus network for which this profile is assigned when operating in the allow mode.
To add trusted applications group to a profile 1.In the Trusted applications section, click 2.The opened window contains all available groups of trusted applications.
3.Set the flags next to the groups you want to add to the profile. 4.Click Save. To remove trusted applications group from a profile 1.In the Trusted applications section table, set the flags for the groups you want to remove from the profile. 2.Click 3.Applications of this group will be removed from the list of allowed to run at stations for which this profile is assigned.
|