Allow Mode

Allow mode means that on all monitored stations, only applications from the Trusted applications list and\or applications that comply with the allow rules are allowed to run. All other applications are blocked based on functional analysis criteria.

Allow Mode can be enabled even if only allow rules are enabled. In this case, it works as a complement for functional analysis allowing launching of certain applications from the denied list. For example, if launching applications from network and shared resources is prohibited in functional analysis criteria, but, at the same time, running specific application is allowed in allow rules, than this application will be launched while other applications are still blocked.

Allow rules and trusted applications can be configured under the Allow mode tab in profile properties.

To use allow mode

1.Set the Use allow mode flag on the Allow mode tab.

2.Specify the settings in at least one of its sections:

Allow rules.

Trusted applications.

3.Click Save.

warning

If neither allow rules nor trusted applications are specified, allow mode will be disabled.

Allow Rules

Allow rules are configured in the Allow mode → Allow rules section of the profile properties.

To create a new allow rule

1.In the Allow rules section, click icon-new-add Create rule on the toolbar.

2.In Adding rule windows, specify Rule name and click Save.

3.In the rule list, select created rule and specify its settings on the opened properties pane:

a)Set the Enable rule flag to start using this rule.

b)If you want to check the rule operation, set the Switch rule to test mode flag. Applications will not be controlled at stations, but the activity log will be written as for enabled settings. Application launch and block results based on a rule in test mode will be displayed in the Application Control Events section.
If the Switch rule to test mode flag is cleared, the rule operates in active mode and launches applications at stations by specified rule settings (see also modes of profiles operation).

c)In the Allow the launch of applications on the following criteria section, select options according to which the applications launch at stations will be allowed. In the File name field, specify a file or a directory.
Environment variables and wildcards are allowed. You can do the following:

Specify file or folder.

To add an existing folder or file, enter the full path to the file or folder in the input field.

To add a file with a particular name, enter the name and the extension in the input field. If the value of the parameter is not a path, it is treated as a file with the specified name in any directory.

Examples

Use a mask which denotes the common part of object names, at that:

The asterisk (*) character replaces any, possibly empty, sequence of characters.

The question mark (?) replaces any character (one).

Examples of using wildcards

You can add an application by the name of a variable if the name and a value of this variable are specified in the environment variable settings.

Examples of using variables

info

Also you can create allow rules from the Application Control Events and Application Catalog sections basing on the data received from stations. At this, application parameters in the rule settings will be filled automatically according to the selected application.

4.Click Save.

To create a duplicate of allow rule

1.In the Allow rules section, in the rules table, select the rule you want to duplicate for this profile.

2.Click icon-duplicate-new Duplicate rule on the toolbar.

3.The new rule will appear in the rules table; its settings will be completely copied from the rule selected at step 1. The number 1 is added to the rule name.

To delete a deny rule

1.In the Allow rules section, in the rules table, select the rule you want to remove from this profile.

2.Click icon-new-delete Delete rule on the toolbar.

Trusted Applications

To use trusted applications, perform one of the following actions:

If trusted applications will be collected at your Dr.Web Server (see also Trusted Applications Repository), enable collecting of trusted applications in the Administration → Application Control → Trusted applications section of the Control Center.

If trusted applications will be received on your Dr.Web Server via interserver connection from the neighbor Dr.Web Server, specify corresponding settings in the repositories of Dr.Web Servers sending and receiving the Trusted applications product.

Trusted applications of a certain profile are configured in the Allow mode → Trusted applications section of the profile preferences.

The section table contains the list of all trusted applications groups assigned to this profile.

Trusted applications group (or applications white list) is a list of applications collected by the specified conditions from the selected station or station group. This applications will be allowed to run on stations of the anti-virus network for which this profile is assigned when operating in the allow mode.

warning

If your Dr.Web Server receives trusted applications via interserver connection from the neighbor Dr.Web Server (see Trusted Applications Repository), the table of groups may contain records with the icon icon_appcontrol_warning Trusted applications group is missing in Dr.Web Server repository. These records are made for application groups that were added from the previous revision of the Trusted application product; after that a new revision was received, in which this group is not included. While the applications on corresponding stations may still remain functional, in order to prevent disruption of profile operation, it is recommended that such groups are removed from the profile settings.

To add trusted applications group to a profile

1.In the Trusted applications section, click icon-new-add Add trusted applications group to the profile on the toolbar.

2.The opened window contains all available groups of trusted applications.

info

When configuring allow mode, trusted applications groups are selected from the list of groups available in the repository for the Trusted applications product.

3.Set the flags next to the groups you want to add to the profile.

4.Click Save.

To remove trusted applications group from a profile

1.In the Trusted applications section table, set the flags for the groups you want to remove from the profile.

2.Click icon-new-delete Remove trusted applications group from the profile on the toolbar.

3.Applications of this group will be removed from the list of allowed to run at stations for which this profile is assigned.

info

When removing from a profile, the trusted applications group itself is not deleted. The group is still available in repository and can be added both to this profile and to other profiles.