Case 4: Controlling application usage by users in the organization through application control policies¶
To allow trusted applications and block malicious applications, Securden provides the provision to create Allowlists and Blocklists.
Note
1) When accessing an application through allowlists and blocklists, the app will be run according to the privileges of the user account.
2) Allowlists and Blocklists do not elevate privileges with which the applications are run.
How does an Allowlist work?
When an allowlist is enforced, the users associated with the allowlist will be able to run the applications associated with the allowlist on their designated endpoints. But the users will not be able to run any application other than the apps included in the allowlist.
How does a Blocklist work?
When a blocklist is enforced, the users associated with the blocklist policy will not be able to run the applications associated with the blocklist. The users are, however, free to run every other application on their endpoints.
You can test application control through allowlists and blocklists by following the steps below.
Step 1: Creating an Allowlist/Blocklist¶
1) In the Securden EPM web-interface, login as an administrator and navigate to the Privileges tab and click on Add Policy.
2) Select the policy type according to the operating system of the endpoint. In this guide we will explain the process for Windows.
3) Provide a suitable name and a description for the policy.
4) Select Allowlist or Blocklist as the application elevation preference based on the requirement.
Note
Refer to the sections How does an Allowlist work? And How does a Blocklist work?
5) Add all the applications that you want to associate with this policy.
6) You can associate the policy with specific computers by selecting the required computers in this step. You have the option to associate the policy with all the devices for organization wide application control.
Note
To test the policy, ensure that you are associating the device on which you would like to test the application control feature.
7) Select the users with whom you want to associate the policy. You have the option to associate the policy with all the users or select specific users to associate with the policy. You can also create an exclusion list of specific users. In that case, every other user except the selected users will be associated with the policy automatically.
Important
To test the policy, ensure that you are associating the user account on which you would like to test the application control feature.
8) When associating the policy with specific devices and specific users, you have the option to associate the policy with local user accounts.
Note
Users added to Securden from Azure (Entra ID) and AD will be available under Associate Policy with Users/User Groups in Securden. If you want to associate the policy with local users on the selected endpoints, then you need to search and add them in the field Associate with Local Users.
Once the preferences are selected, click Save.
Similar to privilege elevation policies, the allowlist/blocklist needs to be approved by a second administrator before it is enforced. If there is only one administrator running the EPM, then the policy will be enforced right after creation.
Step 2: Testing application control¶
1) Once the policy is in effect, log in to a device associated with the policy as a user associated with the policy.
2) Try to run an application included in the allowlist/blocklist.
-
If allowlisted, the app will run.
-
If blocklisted, the app won’t run and a Securden prompt will be displayed.
Note
You can use this prompt to raise a request for temporary access to the application. This is discussed in the next case.
3) Now, try running an application that is not associated with the allowlist/blocklist policy.
-
For an allowlist policy, the application will not run and the Securden prompt will be displayed.
-
For a blocklist policy, the application will run.
You have successfully tested the application control feature.
