Excluding applications from Application Manager hooks using AppHookEx, UrmHookEx and RdmHookEx

Version 1

    Verified Product Versions

    • Application Control 8.6
    • Application Control 8.9
    • Application Control 8.8
    • Application Control 8.7
    • Application Control 8.5
    • Application Control 8.4
    • Application Control 8.3
    • Application Control 8.2
    • Application Control 8.1
    • Application Control 8.0

    Introduction

    Application Manager has a number of Engineering Settings to allow an administrator to exclude specific processes from various aspects of Application Manager's hooks and rules processing.

    • AppHookEx, used to exclude processes from hooks used by the Application Network Access Control (ANAC) feature.
    • RdmHookEx, used to exclude processes from hooks used by the Rights Discovery Mode (RDM) feature.
    • UrmHookEx, used to exclude processes from the hooks used by the User Rights Management (URM) feature.

    Each of these settings is defined within the configuration, rather than directly on the client, as detailed within the "Solution" area below.

    Detail

    These settings may help when diagnosing or resolving issues with Application Manager related to (but not limited to):
    • ANAC
    • URM
    • Script host blocking (bat, vbs, reg, msi)
    • Exe blocking (the driver is still present, so even if the hook is not there the driver will still block the executable)
    • Unexpected application behaviour when Application Manager is running.

    In versions prior to Application Manager 8.5.220.0, the AmAppHook.dll will still be loaded within processes but not active. Application Manager 8.5.220.0 introduced a loader DLL, AMLdrAppInit.dll, which will load AmAppHook.dll only when required.

    In versions of Application Manager prior to 8.8.x, these settings are configured via the registry on a machine with the Application Manager Console installed. In Application Manager 8.8.x and later, these settings are configured via the console using the "Advanced Settings" > "Custom Settings" menu, accessed via the "Manage" ribbon.
    To configure these settings via the registry, open Regedit and browse to:

    HKEY_LOCAL_MACHINE\SOFTWARE\AppSense Technologies\Application Manager

    Create a new subkey, called "Engineering".

    Within HKLM\SOFTWARE\AppSense Technologies\Application Manager\Engineering, create a REG_SZ (String) value matching the name of the hook exclusion to apply, using the exact casing below (each of these value names is case-sensitive):
    AppHookEx
    RdmHookEx
    UrmHookEx

    Each value is a semicolon-delimited list of process names, for example:

    Registry Value Name:    AppHookEx
    Registry Value Type:    REG_SZ
    Registry Value Data:    app1.exe;app2.exe;app3.exe

    Registry Value Name:    RdmHookEx
    Registry Value Type:    REG_SZ
    Registry Value Data:    app1.exe;app2.exe

    Registry Value Name:    UrmHookEx
    Registry Value Type:    REG_SZ
    Registry Value Data:    app1.exe

    Once configured, open the Application Manager console and open the current configuration. When the configuration is next saved, the settings are written into it, and the Agent reads them once the configuration is deployed. The Agent also writes the settings to the local registry on the client under the following key, so that an administrator can check they have been applied correctly:

    HKEY_LOCAL_MACHINE\SOFTWARE\AppSense Technologies\Application Manager\HookConfig\Engineering
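
    An added example, not part of the original article and not vendor code: a PowerShell check to run on a client that compares the values the Agent wrote under HookConfig\Engineering with the exclusions that were intended, so that a missing, mis-cased or unreviewed hook exclusion is visible. It assumes the Agent writes the same value names under that key; $Expected is constructed from the sample data above, and the function names are hypothetical.

```powershell
# Key path and value names come from the article; $Expected is a constructed
# allowlist built from the article's sample data. Assumes the agent writes the
# same value names under HookConfig\Engineering.
$Key = 'HKLM:\SOFTWARE\AppSense Technologies\Application Manager\HookConfig\Engineering'
$Expected = @{
    AppHookEx = 'app1.exe;app2.exe;app3.exe'
    RdmHookEx = 'app1.exe;app2.exe'
    UrmHookEx = 'app1.exe'
}

function ConvertTo-ProcessList([string]$Data) {
    # Split the semicolon-delimited REG_SZ data, trimming and dropping empty entries.
    $Data -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Test-HookExclusion([hashtable]$Expected, [hashtable]$Actual) {
    foreach ($name in $Expected.Keys) {
        # Value names are case-sensitive per the article, so match with -ceq
        # and report a name that differs only by casing separately.
        $exact     = @($Actual.Keys | Where-Object { $_ -ceq $name })
        $wrongCase = @($Actual.Keys | Where-Object { $_ -ieq $name -and $_ -cne $name })
        $want = @(ConvertTo-ProcessList $Expected[$name])
        $have = @(if ($exact) { ConvertTo-ProcessList $Actual[$exact[0]] })
        [pscustomobject]@{
            Value      = $name
            Present    = [bool]$exact
            WrongCase  = $wrongCase -join ','
            Missing    = @($want | Where-Object { $_ -notin $have }) -join ';'
            Unexpected = @($have | Where-Object { $_ -notin $want }) -join ';'
        }
    }
}

# Read every value under the key, keeping the casing stored in the registry.
$Actual = @{}
if (Test-Path $Key) {
    $item = Get-Item -Path $Key
    foreach ($n in $item.GetValueNames()) { $Actual[$n] = [string]$item.GetValue($n) }
}
# Values present on the client but absent from $Expected are reported as well.
$Actual.Keys | Where-Object { $_ -notin $Expected.Keys } |
    ForEach-Object { Write-Warning "Unreviewed value under Engineering: $_" }
Test-HookExclusion $Expected $Actual | Format-Table -AutoSize
```

    A row with Present = False, or anything in the WrongCase, Missing or Unexpected columns, means the client does not match the intended configuration.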