4 Replies Latest reply on Mar 15, 2017 2:41 AM by timothyb

    Need information about a checkbox

    Rookie

      Hi everybody,

      It's my first comment here, I hope I'll find some information.

      Management Center: 8.6 SP1

      Application Manager: 8.8 SP1

      In my company we're experiencing some issues on an internal application when we call an Excel macro.

      We have set up an empty template as usual.

      We have found the root cause of the issue and it's linked to the checkbox: "enable application access control"

      Do you know what the checkbox does when it's checked?

      Thank you in advance.

        • 1. Re: Need information about a checkbox
          Landon Winburn ITSMMVPGroup

          So that box turns off one of Application Manager's key features, whitelisting and blacklisting. From the product guide...

          Select to enable Application Access Control. Deselect to not validate or block executables.

          Disabling Application Access Control means that applications are no longer blocked from running. Any applications subject to Application Manager rules in the Prohibited Items, Accessible Items and Trusted Vendors lists are ignored. This also applies to Trusted Ownership checking.

          All EXE files can run regardless of where they are run from, or who they are owned by, or whether the administrator wants them to or not.

          This is similar to what would be expected if Application Manager was not on the endpoint.

          • 2. Re: Need information about a checkbox
            SupportEmployee

            Be aware that unchecking that box means disabling all blacklisting and whitelisting capabilities of AM. If you don't need those features then you should be able to disable Application Access Control without any impact.

            If you want to leave it enabled but understand what's being blocked - with a view to using a rule to allow it - use the Rules Analyzer feature in AM to monitor denied executions while recreating the issue. This, unfortunately, is a little trickier than it needs to be if you haven't done this sort of thing before as the results from Rules Analyzer can be confusing and difficult to navigate.

            As an alternative you could enable auditing to the local AppSense event log (in the Auditing dialog), recreate the issue and check that event log for events with ID 9000 (AM denied execution of x) around the time you recreated the problem.

            • 3. Re: Need information about a checkbox
              Rookie

              Hi,

              Thank you for your responses.

              As I said, we're using an empty template.

              There is nothing in the blacklist and whitelist so I don't know why we have this error message when an Excel macro is executed.

              I'm going to open a case with support.

              Thank you

              • 4. Re: Need information about a checkbox
                timothyb SupportEmployee

                Please be aware that a "Blank" or default config has:

                • Everyone Group set to Restricted
                • Trusted Ownership checking enabled
                • There are a number of settings enabled under Advanced Settings -> Policy Settings Tab

                Out of the box, AM protects against a user downloading an Application and running it.

                Therefore if a file is not owned by a Trusted Owner or is not located on a local disk, it will be blocked.

                To determine if Application Manager is blocking the Macro process or a file that the macro is trying to open, use the Rules Analyzer tool and recreate the issue. Please be aware that AM is not only interested in Process Start but also files that are opened with Execute permissions. So if the Macro is creating temporary files and then attempting to open them with Execute permissions, this would be blocked.