Application Control

What is Application Control?

Using Application Control, the Administrators can ensure that no unauthorized software is installed on any Asset on the organization’s network. Application Control allows the installation of only authorized and licensed software. This is useful to classify the applications as Whitelisted, Blacklisted, or Warning software. The applications that already exist on the Assets are initially Whitelisted by default. However, the Administrator can create multiple Profiles for Whitelisting, which can be applied to user, user groups, IPs, and locations. After a Whitelist Profile is applied to the end user machine all the software, which are not part of the Whitelist are Blacklisted. 

Example: Administrators can create a default Profile that comprises applications that are default for all Asset machines and apply this Profile for all the users. Similarly, Profiles can be created and applied to VIP users. 

Using Application Control, Administrators configure software as Whitelisted, Blacklisted, or Warning. They can create Profiles and map the Profiles to Assets. This helps the Asset Managers to keep a track of the software installed on the Assets.

Advantages

  • It prevents users from installing any unwanted software, malware, virus, or any other software that may cause harm or may not be suitable for installation.

  • Application Control also restricts the users from execution of the Blacklisted software if it is already installed.

Prerequisites

  • Create one or two Profiles, which will allow to block and unblock applications. For more information, see Create Profile.

  • Define software list to block and unblock software applications. For more information, see Define Software List.

Examples for Blacklisting/Whitelisting Software

Refer to the following scenarios as examples:

 Scenario 1: The Administrator has created a Profile to block the MS Excel application based on the users and their Assets.

The Profile to block the MS Excel application is mapped to the Assets of User A and User B, that is, Asset INBANLSU0176A and INBANLSU0176B, respectively. Similarly, the Profile to unblock the MS Visio application is mapped to INBANLSU0176C, which is the Asset of User C to run the installation.

Now, when User A and User B try to install MS Excel application on their respective machines, an error message, "THIS SOFTWARE IS BLOCKED PLEASE CONTACT ADMINISTRATOR”, is displayed, and the application installation is terminated. The installation is terminated because the Profile to block the MS excel application is mapped to these Assets of the users.

Additionally, no error message is displayed when User C tries to install MS Visio application. This is because the Profile to unblock the MS Visio application is mapped to the asset of User C.

Figure: Block and Allowed Message


 Scenario 2: The Administrator has created a Profile to block the Skype application and unblock MS Excel application based on user’s Location and IP Address.

The Profile to block the Skype application is mapped to the Assets located at Bangalore and Mumbai Locations. The IP Address 192.160.110.1 belongs to Bangalore Location and 192.160.110.2 belongs to Mumbai Location. The profile to block the Skype application is mapped to all the Assets, which are located at Bangalore and Mumbai Locations and uses 192.160.110.1 and 192.160.110.2 IP Addresses, respectively. Similarly, the Profile to unblock the MS Excel application is mapped to all the Assets, which are located at Pune Location and uses 192.160.110.1 IP Address to run the installation.

Now, when users of Bangalore and Mumbai Locations try to install the Skype application on their machines using 192.160.110.1 and 192.160.110.2 IP addresses, respectively, a warning message, "THIS SOFTWARE IS BLOCKED for 192.160.110.1 and 192.160.110.2 IP addresses at Bangalore and Mumbai Locations.  PLEASE CONTACT ADMINISTRATOR”, is displayed, and the application installation is terminated. The installation is terminated because the Profile to block the Skype application is mapped to all the users using 192.160.110.1 IP at Bangalore Location.

In addition to the above scenario, no error message is displayed when users of Pune Location try to install MS Excel application using 192.160.110.3 IP Address. This is because the Profile to unblock the MS Excel application is mapped to all the users who are using 192.160.110.3 IP at Pune Location.

Figure: Block and Unblock Message


 Scenario 3: The Administrator has created a Profile to display Warning Message for MS Visio application based on user’s Location, Customer, and User.

The Profile to display Warning Message is mapped to the Assets of Customer 2, and User A, and of Assets located at Pune andMumbai Locations. The User A belongs to Bangalore Location, Customer 1 belongs to Mumbai Location, and Customer 2 belongs to Pune Location. The Profile to display Warning Message is mapped to all the Assets located at Bangalore, Mumbai, and Pune, respectively.

Now, when User A of Bangalore Location, Customer 1 of Mumbai Location and Customer 2 of Pune Location try to install MS Visio application on their machines, respectively, a warning message, “MS Visio is not as per Classic Computer, Software Quality Check", is displayed and the application installation continues.

Figure: Warning Message

Accessing the Feature

In the SummitAI application, the Administrators can configure the Application Control options.

  1. Configure the Application Control Messages (These messages are flashed while attempting to install Blacklisted or Warning software), see Configuring Application Control Messages.

  2. Create or update Profiles by User, Location, IP Sub net Range, or Tenant, see Creating/Updating Profile.

  3. Identify software as White list or Blacklist, see Configuring Software Blacklisting.

  4. Map Profiles to Assets , see Configuring Profile Mapping.

  5. View various related reports, such as White/blacklist Software and Application Control Details.