What are ways to prevent unwanted programs from launching automatically? Check out What Is Application Control.
What Is Application Control?
Application Control is about stopping unwanted applications from launching automatically, which is extremely important for preventing malware infections. It is an important security feature in all products in the SonicWall family, including:
1. UTM Appliances
2. SonicWall NSA and TZ appliances
3. SonicWall SRA and SRA-MC wired and wireless routers
4. SonicWall PRO
5. NSA and TZ firewalls
Application Control Types
There are two types of Application Control: Application Control Policies (ACPs) and Application Control Groups. An ACP is a group of rules that determine what type of applications can be launched. Each rule in an ACP controls the application launch behavior.
There are three types of rules: allow, block, and monitor. An ACP also contains a list of the applications that it controls. An ACP is also called an application filter. A group is a collection of similar ACPs.
The most common type of application control group is the “All Applications” group. It contains all of the applications on the system (i.e., all applications in the Allowed column).
How do you create an All Applications ACP?
Create an “All Applications” group to contain your desired set of rules, whether to launch all applications automatically or to block unwanted ones automatically. Then add appropriate rules to it so that they are applied to all applications on your system rather than as one-off, per-application settings. To keep this simple, you may want to clean up your “All Applications” group by removing any unnecessary rules.
After this initial cleanup, only your desired launch behavior remains for all other applications on your system. This includes automatic blocking where necessary, without having to add individual rules for each application manually later when you need them again.
What Are the Different Types of Application Control Rules?
There are three types of these rules: allow, block, and monitor. A Network App Monitoring Rule is a rule that allows the application to be launched but monitors it for behavior that may indicate malware or other unwanted activity. Some examples of this type of rule include monitoring for “outbound” connections from the application’s firewall.
Other examples include monitoring for encryption applications attempting to encrypt sensitive information, such as credit card numbers, and monitoring for decryption applications being launched by untrusted programs that may attempt to decrypt encrypted data.
A monitor rule also watches for applications launching processes with names or paths that may indicate malware. If malware or other undesired activity is detected by the application platform monitor rule, execution of the application is blocked and a notification is sent to the administrator. All Application Control Monitor rules have a set of predefined criteria that can be edited or deleted to customize them for your environment.
There are also special Network Monitoring rules, such as those that monitor encrypted communications to and from specific websites such as PayPal and eBay. These can be used to detect whether malware is attempting to access these sites without being blocked by the standard allow rules in place in your environment.