Application Control

In This Section:

Working with the Application Control Policy

Reputation Service

The Application Control blade restricts network access for specified applications. The Endpoint Security administrator defines policies and rules that allow, block or terminate applications and processes. Only applications that try to get network access can be blocked or terminated. If specified in an Application Control rule, an alert shows which application was blocked or terminated.

You can also enable the Reputation Service (previously called the Program Advisor) to recommend applications to allow or block.

Working with the Application Control Policy

Configure which applications are allowed, blocked, or terminated and what happens when applications are not identified.

To configure the allowed applications:

  1. In the Policy tab > Application Control rule, right-click the Allowed Apps Action and select Manage Allowed Apps List.
  2. To add more applications, click Add and select applications from the Search Applications window.
  3. Click OK.

To configure the blocked applications:

  1. In the Policy tab > Application Control rule, right-click the Block Apps Action and select Manage Blocked Apps List.
  2. To add more applications, click Add and select applications from the Search Applications window.
  3. Click OK.

To configure terminated applications:

  1. In the Policy tab > Application Control rule, right-click the Terminated Apps Action and select Manage Terminated Apps List.
  2. To add more applications, click Add and select applications from the Search Applications window.
  3. Click OK.

If you block unidentified applications, users can only access applications that are included in the Allowed Apps List. If you allow unidentified applications, users can access all applications that are not on the blocked or terminated list. If you choose to allow unidentified traffic, make sure your blocked and terminated lists are complete.

To configure what happens to unidentified applications:

In the Policy tab > Application Control rule, select Block Unidentified Applications, or right-click and select Allow Unidentified applications.

Terminated applications are not allowed to pass through the firewall.
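
The following is a simplified model of the list and unidentified-application logic described above, added here as an illustration and not Check Point's code. It reports which observed applications get network access only because unidentified applications are allowed, and flags applications that appear on more than one list. The application names are constructed, and because this page gives no precedence between lists, overlaps are reported as conflicts rather than resolved.

```python
# Added illustration: a simplified model of the rule described in this section,
# not Check Point's implementation. Application names below are constructed.
from dataclasses import dataclass, field

@dataclass
class AppControlPolicy:
    allowed: set = field(default_factory=set)
    blocked: set = field(default_factory=set)
    terminated: set = field(default_factory=set)
    block_unidentified: bool = True

    def conflicts(self):
        """Apps on more than one list. No precedence is stated on the page,
        so an overlap is reported instead of being resolved (assumption)."""
        return ((self.allowed & self.blocked)
                | (self.allowed & self.terminated)
                | (self.blocked & self.terminated))

    def verdict(self, app):
        """Verdict for an application that requests network access."""
        if app in self.conflicts():
            return "conflict"
        if app in self.terminated:
            return "terminate"
        if app in self.blocked:
            return "block"
        if app in self.allowed:
            return "allow"
        # Not on any list: the unidentified-applications setting decides.
        return "block" if self.block_unidentified else "allow"

def unidentified_exposure(policy, observed_apps):
    """Apps that get network access only because unidentified apps are allowed."""
    if policy.block_unidentified:
        return []
    listed = policy.allowed | policy.blocked | policy.terminated
    return sorted(a for a in set(observed_apps) if a not in listed)

# Constructed inventory of applications seen requesting network access.
OBSERVED = ["browser.exe", "mailclient.exe", "p2pshare.exe",
            "oldtoolbar.exe", "unknown_updater.exe", "remote_helper.exe"]

# Constructed policy using the permissive setting for unidentified applications.
POLICY = AppControlPolicy(allowed={"browser.exe", "mailclient.exe"},
                          blocked={"p2pshare.exe"},
                          terminated={"oldtoolbar.exe"},
                          block_unidentified=False)
```

Every name returned by `unidentified_exposure` is a candidate for review: add it to the allowed, blocked, or terminated list before relying on the permissive setting.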

Reputation Service

The Check Point Reputation Service is an online service that automatically creates recommended rules that block or allow common applications. These rules are based on the recommendations of Check Point security experts. This feature reduces your workload while improving security and usability.

Note - Your Endpoint Security Management Server must have Internet access (on ports 80 and 443) to connect to the Check Point Reputation Service Server. Make sure that your firewall allows this traffic. We recommend that you add the Reputation Service Server to your Trusted Zone.

To see the recommendations of the Reputation Service for safe applications:

  1. In the Application Control rule, right-click the Allow Whitelisted Apps action and select Manage Allowed Apps List.
  2. In the Allow Applications List, select Good Reputation from the options menu.

    A list of applications with a good reputation, generated by the Reputation Service, opens. You can move applications to the Block or Terminate list.

To see the recommendations of the Reputation Service for malicious applications:

  1. In the Application Control rule, right-click the Terminated Apps action and select Manage Terminated Apps List.
  2. In the Terminate Application List, select Known Malware Apps from the options menu.

    A list of malicious applications, generated by the Reputation Service, opens. You can move applications to the Block or Allow list.