AppSense Application Manager

By default, only application files owned by an Administrator or the local System are allowed to execute. Trusted Ownership is determined by reading the NTFS permissions of each file which attempts to run. Application Manager automatically blocks any file where ownership cannot be established, such as files located on non-NTFS drives, removable storage devices, or network locations. These files can optionally be allowed to run either by specifying them as Accessible Items or by configuring a Self-Authorizing User rule. The Trusted Owner list can be configured to suit each environment.

Extend application accessibility by applying rules based on username, group membership, computer or connecting device. Accessible and prohibited items are specified in each rule, which are applied to a user session based on the environment in which the user operates.

Application Manager rules allow an Administrator to delegate varying levels of security control based on a user, group or device. By default, all standard users are managed by Full Security rules which limit application use to only those authorized by an Administrator. The Self-Authorizing User security level allows nominated users to make decisions on whether to run unauthorized applications. The decision, and any subsequent use of the self-authorized application, is fully audited.

SHA-1 signature checks may be applied to any number of application control rules, providing enhanced security where NTFS permissions are weak or non-existent, or for applications on non-NTFS formatted drives. A digital signature wizard allows easy creation and maintenance of large digital signature lists.

Events are raised by Application Manager according to the default Event Filtering configuration and audited directly to a local file log or the Windows Event Log. Alternatively, events can be forwarded for auditing to the AppSense Management Center via the Client Communications Agent (CCA).

All Windows Scripting Host (WSH) scripts, such as VBS, are validated against configuration rules. This ensures that users can only invoke authorized scripts, eliminating the risk of introducing WSH scripts that contain viruses or malicious code.

Allows users to run only authorized batch files, while prohibiting user access to the command prompt.

Allows users to run only authorized registry files, while prohibiting user access to the regedit.exe. This protects the system and user registry from unwanted or malicious changes.

Provides the ability to identify and safely extract files from self-extracting ZIP archives using a built in extractor. Support is provided for password protected ZIP files with all levels of compression.

Monitors execution requests and audits all unauthorized application usage without preventing the user from running the unauthorized applications. This feature allows non-intrusive monitoring of either a single user, user group, device or the whole system. The results of audited application usage are displayed using the Rules Analyzer and captured event information.

User, group and device rules provide effective enforcement of corporate licensing policies by limiting which corporate applications can be run. Devices connecting to terminal servers can be limited to only allow certain hosted applications to run, reducing the number of licenses required for Client Access License (CAL) software.

Assisting the management of large lists of files, the Application Manager console supports drag and drop capability from Windows Explorer. Drag and drop can also be used to move multiple items between different rules within the configuration.

Application limits can apply a restriction to the number of concurrent instances of an application that a user can run.

The Configuration Profiler allows Administrators to report on configurations stored locally or in the central database. General reports are produced to assist auditing and compliance, such as Sarbanes-Oxley or HIPAA. Custom reports can be produced for specific users, applications and devices to assist troubleshooting of large configurations.