
Just can't get Application Control to work

Hello all,

  I'm trying to test Application Control, prior to using it "for real", but I'm unable to simply get it working at all.

  We're running Enterprise Console 4.5.1.0 on Windows Server 2008 64-bit. I've created a new Application Control policy called "Block test" and assigned it to a group that has a single computer in it. "Enable on-access scanning" is ticked, and I've selected (just for a test) Windows Telnet and Putty, and put them in the Blocked list.

  The policy has been successfully pushed to the one client computer in the group according to Enterprise Console. The client is actually another Windows Server 2008 64-bit, with anti-virus version 9.5.5, VDL 4.64G. I can't see any reason why it being a Windows Server should make any difference, although I will try to test this with a Windows Vista or 7 machine soon. When I log onto that machine and try and run Putty, it works fine. Similarly if I open up a command prompt and run telnet, it works.

  I've checked the View -> Application Control Events in Enterprise Console - nothing appears.

  What am I doing wrong?

Thanks for any help,

James.

  • Hello James,

    I'm not aware of issues in this area (and could only test with 9.7 on a W2k8 64-bit). As you should get an alert if you "Detect but allow to run", you could block (and allow), for example, all of the Internet browsers. Don't ask me what to do next if these too don't get blocked ;)

    Christian

  • Hi Christian,

      Thanks for the suggestion. I ticked "Detect but allow to run", and then went and selected all the versions of Internet Explorer, and all versions of Firefox and put them into Blocked. I also set a desktop message of "Test" so that, although a controlled application should be allowed to run, I should get a message on screen too.

      I let the profile get pushed to the client (in fact I went away for several hours). Just logged onto the machine and fired up IE8, which ran without any problem. Then ran Firefox 2, which ran without problem. No messages on the client. Waited a while then checked the EC application control log - nothing there.

      Completely baffled now. I will try with a Vista machine tomorrow if I get the chance. If I can't get that working then I'll have to contact Sophos directly I guess.

    James.

  • Hello James,

    Strange indeed. Did you test on-access scanning with EICAR? Just to be sure. On the client, the policy in effect can be found in %ProgramData%\Sophos\Remote Management System\3\Agent\AdapterStorage\SAV\APPCAdapterConfig (without extension, it's an XML file).

    Christian
