2 Replies Latest reply on Jan 15, 2018 1:27 AM by timothyb

    Appsense rule for SAGE ERP

    yashikor Apprentice

      Would like to create a rule for SAGE ERP, this is a licensed application. However, the actual program runs from an app server. I did create a process rule using the main executable ACCPAC.EXE, however, I am going to change the rule to *.exe and add *.dll.

       

      Any recommendations on creating a rule for this type of application?

        • 1. Re: Appsense rule for SAGE ERP
          Landon Winburn ITSMMVPGroup

          A process rule is really a sub-process rule. Basically if ACCPAC.exe is running it can execute *.exe and *.dll as child processes. A simple file rule for ACCPAC.exe with metadata in the everyone group rule should be all that is needed. Make sure to check the allow untrusted owner box as well.

          • 2. Re: Appsense rule for SAGE ERP
            timothyb SupportEmployee

            As Landon mentions, a Process rule is used to control what actions a process can perform but doesn't control the initial launch of the process itself. For example, let's say that ACCPAC.exe is running from a Network Share. You would need to create a rule (such as a Signature, File, Folder etc.) to allow ACCPAC.exe to run in the first place. If after it launches you find that ACCPAC.exe crashes on an action, you can use Rules Analyzer to find out if it's getting a DENY result; for example, ACCPAC.exe is writing a temporary file to %localappdata%\ApplicationName and is opening it with Execute write, which Application Control denies. You could create further File and Folder rules within a generic group to allow %localappdata%\ApplicationName. This rule would apply to any user or Device that fell under that rule. Alternatively you could use a Process rule for ACCPAC.exe to allow %localappdata%\ApplicationName. This would restrict allowing permissions to run files to just ACCPAC.exe and child processes if you have that option ticked.

             

            Assuming that this is for licensing purposes, you'll probably need to allow ACCPAC.exe to run but limit it by device or user. Files and folders on a Network Share are denied by default. Therefore you will need to explicitly allow the executables to run. If users do not have read/write control over the share and you want a low maintenance config, you can probably get away with a file/folder rule. To be more thorough, use Landon's suggestion of including Metadata or a Signature rule. If restricting by user, you can use a Group rule. If restricting by workstations or servers, a Device rule. If you need something a little more complex then you can use a Custom Rule. Please note that due to the overhead of Custom Rules, they only apply to launching an application and not to DLLs. So you might need to use a Custom rule to determine if the application can be launched and then a process rule to control what DLLs the application can load. Another method that I see commonly used for licensing is a Scripted rule. Usually this is a VBScript that reads a text file on a network to get a list of computer hostnames that are allowed to run an application; it then compares that to the local hostname. This reduces the number of configuration changes required; if you need to add or remove a host, it can be done in the text file.
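
The hostname check described in the last reply, sketched as an added example that is not part of the original thread or of any Ivanti/AppSense sample. The share path, the function name `IsHostAllowed` and the convention that returning True means "allow" are assumptions; check how your Application Control version expects a scripted rule to report its result. The list file should be writable by administrators only, since anyone who can edit it can authorize a host.

```vbscript
Option Explicit

' Constructed placeholder path: one hostname per line, "#" starts a comment line.
Const ALLOW_LIST = "\\fileserver\appcontrol$\sage-allowed-hosts.txt"

' Returns True only when the local computer name is listed.
' Any failure (share offline, file missing, access denied) returns False,
' so the check fails closed instead of allowing the launch.
Function IsHostAllowed()
    Dim fso, net, listFile, entry, localName
    IsHostAllowed = False

    On Error Resume Next
    Set net = CreateObject("WScript.Network")
    Set fso = CreateObject("Scripting.FileSystemObject")
    localName = UCase(net.ComputerName)
    Set listFile = fso.OpenTextFile(ALLOW_LIST, 1, False)   ' 1 = ForReading, do not create
    If Err.Number <> 0 Then
        Err.Clear
        Exit Function
    End If

    Do Until listFile.AtEndOfStream
        entry = UCase(Trim(listFile.ReadLine))
        If Err.Number <> 0 Then Exit Do      ' read error: stop, result stays False
        ' Skip blank lines and comment lines.
        If Len(entry) > 0 And Left(entry, 1) <> "#" Then
            ' Whole-line, case-insensitive match, so PC1 does not match PC10.
            If entry = localName Then
                IsHostAllowed = True
                Exit Do
            End If
        End If
    Loop
    listFile.Close
End Function
```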