Skip to main content

➡️ Allowlisting

Quick-start (AL)

Set up application allowlisting to control what applications can run in your environment.

Create customer / organization

One you sign up for idemeum, you need to create a customer tenant / organization, so that you can register devices to this organization, configure allowlisting, and manage events.

  • Access the admin portal of your idemeum tenant
  • Navigate to Customers and then choose Add customerManually
  • Provide the organization name (will be used in the URL) and the friendly display name
  • Refresh the screen, then click at the top left to switch to the newly created organization admin portal

Enable allowlisting

Once you access the admin portal of your organization / customer, you can now enable allowlisting and elevation control.

  • Navigate to SettingsAllowlisting and enable the product
  • Optionally you can enable Elevation control if in addition to executions you would like to handle application elevations. Access SettingsElevation and then enable elevation control.

Deploy idemeum agent

You can now deploy idemeum agent to your workstation.

  • Click Install new agent and then grab the agent installation command. Execute on the workstation under Administrator account (i.e. run PowerShell as admin)
  • One the agent is successfully installed, it will show up in the admin portal Devices section

Create rules

If you know what applications you need, you can leverage rules catalog to enable most common applications with a click of a button. Idemeum agent comes with a baseline of trusting Microsoft system processes as well as very common applications such as notepad.exe, calculator.exe and others.

  • Access EventsRules
  • The click Add rule and choose Catalog rule
  • Check the applications that you need and save the configuration

Set app control mode

Now you are ready to apply allowlisting enforcement to a workstation. If you want you can first apply Audit mode, run it for some time to learn what applications are needed, and then create appropriate rules. However, if you are ready for enforcement, proceed with the following:

  • Access Devices menu
  • Find the device when you would like to enforce allowlisting
  • Click on ... then choose Set app control mode
  • Choose Rules and save the configuration. Now the idemeum agent on the device is applying Default deny rule for all unknown executions and only allows what you explicitly defined in rules.

Manage events

You can now see all generated events (blocked or allowed executions) in the event table. Right from each event you can click on ... and create a custom rule if that is not covered by idemeum catalog. Click on the link below to learn more about how to work with events.

Working with events
Events represent all executions and elevations triggered across your workstations.
idemeum docsNik Pot

Questions

If you have any questions or feature requests, please reach out to us.

Idemeum support
Contact idemeum support by sending us an email, opening a ticket manually, or joining our discord channel.
idemeum docsNik Pot