Test Mode

In order to make sure that configured profile or rule works correctly, you can use the test mode, which imitates Application Control actions. In this mode, applications are not actually blocked but all activity is getting logged (see Application Control Events), as if the profile or rule was working as usual. The test mode is convenient for easy configuration of Application Control by an administrator when deployed an enterprise network.

To enable test mode for a profile

1.In the General section of profile properties, set the flag Enable profile to start using a profile (disabled by default).

2.Set the flag Switch profile to global test mode.

3.Click Save.

A profile in test mode will have the icon-profile-test icon in Profiles group of the anti-virus network tree. On workstations that have such profile assigned to them, no applications will be blocked based on specified functional analysis criteria, allow or deny rules. Instead, respective statistics will be logged in the Anti-virus Network → Statistics → Application control events section. This log keeps detailed information about each started application, which you can review and use to tailor profile settings for your needs.

Once you make sure that tested profile operates as you need, it needs to be switched from test mode to active mode. Active profile has the icon-profile icon in Profiles group of the anti-virus network tree.

To disable test mode for a profile

1.In the General section of profile properties, clear the flag Switch profile to global test mode.

2.Click Save.

Test mode can also be used to check how specific allow or deny rules work in a profile, without switching the profile entirely.

To enable test mode for allow or deny rule in a profile

1.In the Allow rules or Deny rules section of profile properties, select the rule you created and would like to test.

2.In the opened rule settings, set the Enable rule and Switch rule to test mode flags.

3.Click Save.

In this mode, applications started on workstations will be blocked but only according to functional analysis criteria and the rules that were not switched to test mode. Allow and deny rules in test mode will work similarly to profiles in this mode, meaning that their settings have no impact on applications being blocked, but each imitated trigger of a rule gets into activity log in the Application control events section.

info

In contrast with profile test mode, there is no indication of any rules being in test mode on involved profile icon in the anti-virus network tree. Any active profile with rules in test mode would have the icon-profile icon.

Once you make sure the rule you are testing works properly, it needs to be switched from test mode to active mode.

To disable test mode for allow or deny rule in a profile

1.In the Allow rules or Deny rules section of profile properties, select the rule you are testing.

2.In the opened rule settings, clear the Switch rule to test mode flag.

3.Click Save.