Configuring Application Permissions in the Application Control Policy

Applications that were uploaded with the Appscan XML file are allowed by default. You cannot change the default action for the uploaded applications.

Depending on whether the application is secure or not, you can set the Action (network access) to Allow, Block or Terminate for each application in the Application ControlClosed Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI. policy.

Supported Actions

The supported actions for the applications are:

Action Description

Allow

Allows network access to the application.
Block Blocks network access to the application.
Terminate Terminates the application if it tries to access the network or immediately when it runs.

To configure termination settings:

  1. In the Policy view, go to Access > Application Control > Application Management.

  2. Select one of these options:

    • Terminate on execution - Selected by default. Makes sure that all terminated applications terminate immediately when they run.

    • Terminate on connection - Terminate an application when the application tries to access the network

App Rules

To review the policy for each application and its versions:

  1. In the Policy view, go to Access > Application Control > Application Management > Edit Application Control Policy.

  2. Click App Rules.

    The Action column shows the permission for each application. Left-click the Action column to select the action.

    The Version column shows the details for each version of the application, including a unique hash value that identifies the signer of the application version. You can block or allow specific versions of the same program. Each version has a unique Version number, Hash, and Created On date.

Application Control in Backward Compatibility Mode

Default Action for Unidentified Applications

Changing the default action for unidentified applications is only supported in backward compatibility mode.

To enable backward compatibility mode:

  1. Go to Endpoint Settings > Policy Operation Mode.

  2. Go to the required policy and select Mixed mode.

To change the default action for uploaded applications:

  1. In the Policy view, go to Access > Application Control > Application Management > Default action.

  2. Select the required default action.

Configuring the Application Control Policy

In addition to Allow, Block and Terminate, there are two more actions that you can configure in backward compatibility mode:

Unidentified (Allow) - The application is allowed because the default setting for applications that are imported from the Appscan XML is 
Allow, and the administrator did not change this action.

Unidentified (Block) - The application is blocked because the default setting for applications that are imported from the Appscan XML is Block, and the administrator did not change this action.