Workspace Environment Management

Application security

Application security feature allows you to define rules to control which applications and files the users can run. You can configure application security rules in the web console and provide a tool to retrieve information needed for rule configuration. Also, you can use this feature to create assignment groups with security rules. When the Process application rules and Process DLL rules are enabled, the Overwrite mode is turned on by default. In Overwrite mode, the rules that are processed in the end overwrite rules that were processed earlier. We recommend that you apply this mode to only single-session machines. This feature also allows you to create the following rules:

  • Executable rules
  • Windows installer rules
  • Script rules
  • Packaged app rules
  • DLL rules

Note: Before creating rules, we recommend that you first add the default rules to ensure thatimportant syatem files can run.

Create Windows installer rule

This includes two menu items, Basic information and Exceptions. To create a Windows installer rule, complete the following steps under Basic information and Exceptions:

  • Selecting Create rule leads you to the Create Windows installer rule page.
  • Enter the name and an optional description.
  • Choose the desired Action.
  • Select the Criteria type such as Path, Publisher, or File hash from the dropdown list.
  • Selecting Open File info Viewer directs you to the WEM Tool Hub. Use the WEM Tool Hub** to quickly get the required information. For more information, see File Info Viewer.
  • Optionally, you can add exceptions to include files that is normally included in the rule based on the primary criteria. To perform this task, select Add exception.
  • Go to WEM Tool Hub to copy data from one of the specified criteria under File Info Viewer and then click Paste from File Info Viewer.
  • Click Done.
  • Select Continue to assignment to update the assignments as required in the Manage assignments page.
  • Select Assignment targets (users and groups) to assign this item to. Use filters to contextualize the assignment. Filters you specify are effective only in the Overwrite mode and are supported only on agent versions 2406 or later.
  • Enter an asterisk if you need a specific rule to be applied to all files.
Application security