Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 2509 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application Control - own definitions

JSCR

hello,

maybe this is question was already asked and answered here, but I can' find it.

Is it possibel to define my own application to be controled by Sophos Application Control.

I already know that I can send a suggestion to sophos to let them implement it.

Kind regards 

Joerg

:37249


This thread was automatically locked due to age.
  • 0

    Hi,

    I think I had asked this myself once before.

    From what I recall I don't think that you can.

    You have to do a submission to Sophos and they will try and make it available as a controllable application.

    I think it might be difficult for them to allow users to add custom applications due to the way they actually control the .exe.

    From what I gather it is based on far more then just the name of an executable. They take into account the version, they keep a checksum, and some other things.

    I am not an expert by any means though. Just commenting of some of what I have seen while using Sophos.

    Cheers

    :37251
  • 0

    Hello toddh

    ok, i can see the point.

    our secutity team asked me, if Sophos can monitor some files about if they are used and who is using them, and in some cases block them. They gave me a list, with filenames and checksum and it includes different types of files (.exe asp aspx vbs dll rar and tmp). maybe more to come.

    regards

    Joerg

    :37255
  • 0

    Hello Joerg, and thanks for the post, Todd

    Indeed it is not simply checksumming - Labs aim to reliably detect an application by distinguishing and ideally version-independent features. You neither want an application to be able to run just because some minor changes nor have to wait until an update is whitelisted (although major changes could necessitate a new detection to be written).

    Christian

    :37265
  • 0

    Hi,

    To simply block them you could use software restriction policies:

    http://technet.microsoft.com/en-us/library/bb457006.aspx

    Regards,

    Jak

    :37279