Skip to main content

Allowlisting demo

Allowlisting for Windows

Youtube video for Windows allowlisting

Allowlisting for macOS

Youtube video for macOS allowlisting

What is allowlisting?

Allowlisting (formerly known as whitelisting) is a proactive cybersecurity practice that permits only explicitly pre-approved applications on your workstations. Operating on a deny-by-default principle, it blocks everything not on the approved list, significantly reducing risks from unknown malware, ransomware, and unauthorized access. 
Instead of blocking everything that is bad in your environment, you explicitly allow what applications need to run on user workstations. In simple terms, you only allow applications that you trust, and block everything else, including malware and ransomware. When idemeum agent is installed, it intercepts every process execution event and applies Default deny policy - if application is not explicitly trusted, it is not allowed. Allowlisting does not follow the same philosophy of classic block listing approach:
SecurityHow it works
Block-listingDefault allow policy with certain apps blocked. Cat and mouse game, you have to constantly track what is bad and update your rules.
AllowlistingDefault deny policy with certain apps allowed. You only allow what you need and do not worry about malicious applications.

Allowlisting primary features

Idemeum automatically trusts Microsoft Windows files that are marked as OSBinary. These files are critical for OS operation, and idemeum is not interrupting any critical system flows. As a result you can update and user Windows OS normally.
Idemeum offers a granular rule engine to define what applications are allowed in your environment. Not only can you define what is allowed to run (leveraging file attributes, publisher certificate thumbprints, or certificate elements), but you can also define if the application is allowed to elevate automatically or not.
When you allow an application, you can also define what that application is allowed to do. If you trust an application from a verified publisher, there is no need to track every single thing this application is doing and launching. Idemeum will do that for you by constructing and tracking the process chain. If you prefer, you can specify specific executables that your trusted application is allowed to run.
Idemeum offers a pre-configured rules catalog to cover most commonly used Windows and macOS applications. With a click of a button you can allow an application in your environment.
Not only can you control executables directly installed on your workstations, but also control what applications can be delivered from Windows and Apple stores.