Working with rules
Overview
When you work with allowlisting and elevation control (EPM), the easiest way to think about the rules is the following:
- Is the application allowed to execute?
  - You can match the target application using
    - File attributes - file hash, file name, or file path
    - Publisher certificate thumbprint
    - Certificate elements - CN, O, etc.
  - If you trust the application, you can allow execution of child processes by this application
- If allowed to execute, can the application elevate?
  - You can block elevation, automatically elevate the application, or allow users to request elevation
Example rule for Slack: this is a local rule and will only be applied to the current organization. We match the application using the publisher certificate, allow application execution along with child processes, and allow the application to elevate as admin.

Example rule for AnyDesk: this is a local rule that will only apply to a certain customer. It matches the application that is legitimately signed by AnyDesk Software GmbH; we allow execution and offer users the option to request elevation.
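
The two questions above and the Slack and AnyDesk rules, modelled as an added example (not Idemeum's code or rule format): the `Proc` and `Rule` classes, the criterion names, the thumbprints and the hashes are constructed for illustration. It assumes unmatched processes are denied, that the `O` element carries the publisher name, and that a child allowed through its parent gets no elevation of its own.

```python
from dataclasses import dataclass
from enum import Enum

Elevation = Enum("Elevation", "BLOCK AUTO REQUEST")  # the three elevation outcomes

@dataclass
class Proc:  # hypothetical view of a process at launch
    path: str
    sha256: str
    thumbprint: str = ""      # publisher certificate thumbprint, "" if unsigned
    subject: dict = None      # certificate elements such as CN and O
    parent: "Proc" = None

@dataclass
class Rule:  # hypothetical schema, not the product's rule format
    name: str
    match: dict               # file_hash, file_name, file_path, thumbprint, subject
    allow_children: bool = False
    elevation: Elevation = Elevation.BLOCK

def matches(rule, proc):  # every criterion listed in the rule must hold
    subject = proc.subject or {}
    name = proc.path.replace("\\", "/").rsplit("/", 1)[-1]
    tests = {
        "file_hash": lambda v: proc.sha256.lower() == v.lower(),
        "file_name": lambda v: name.lower() == v.lower(),
        "file_path": lambda v: proc.path.lower() == v.lower(),
        "thumbprint": lambda v: proc.thumbprint.lower() == v.lower(),
        "subject": lambda v: all(subject.get(k) == w for k, w in v.items()),
    }
    return bool(rule.match) and all(tests[k](v) for k, v in rule.match.items())

def decide(rules, proc):
    """Return (allowed, elevation, rule name); unmatched processes are denied."""
    for rule in rules:  # question 1: may it execute? question 2: may it elevate?
        if matches(rule, proc):
            return True, rule.elevation, rule.name
    for rule in rules:  # child of an application that is trusted to spawn children
        if proc.parent and rule.allow_children and matches(rule, proc.parent):
            return True, Elevation.BLOCK, rule.name + " (child)"  # assumption: no elevation
    return False, Elevation.BLOCK, None

# Constructed sample data; thumbprints and hashes are placeholders.
RULES = [Rule("Slack", {"thumbprint": "AA" * 20}, True, Elevation.AUTO),
         Rule("AnyDesk", {"subject": {"O": "AnyDesk Software GmbH"}}, False, Elevation.REQUEST)]
SLACK = Proc(r"C:\Apps\slack\slack.exe", "11" * 32, "aa" * 20)
CHILD = Proc(r"C:\Windows\System32\cmd.exe", "22" * 32, parent=SLACK)
ANYDESK = Proc(r"C:\Apps\AnyDesk\AnyDesk.exe", "33" * 32, "bb" * 20, {"O": "AnyDesk Software GmbH"})
LOOKALIKE = Proc(r"C:\Temp\AnyDesk.exe", "44" * 32)  # unsigned file reusing the name
```

`decide(RULES, LOOKALIKE)` is denied because the AnyDesk rule matches on the signing certificate rather than the file name.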

Catalog rules
Idemeum comes pre-configured with allowlisting and elevation rules for the most common applications. We constantly update applications to make sure the rules are current and do not create any disruptions. With a click of a button you can allowlist the most used applications.
- Navigate to the admin portal of your organization / customer
- Access Events → Rules → Add rule → Catalog rule

- Choose the rules that you want by selecting the application
- Save the configuration and the rules will be automatically added as Catalog-<appname>. If you want to remove the rule, simply delete it from your list.