Configuring Application Permissions in the Application Control Policy

In the Application Control Policy, review the permission for each application and for each version of that application.

For applications and application versions that you know are secure, change the permission setting to Allow.

If you know the applications or application versions are not secure, change the permission setting to Block.

You can also configure blocked applications to be terminated when they start, or when they try to open a network connection.

To review the policy settings for applications and application versions:

  1. In the Policy tab > Application Control rule, right-click the Allow Applications Action and select Manage All Applications.

  2. The Product Rules section shows the details for each product and its Permission:

    Unidentified (Allow): The application is allowed because the setting for applications imported from the Appscan XML is Allow unidentified applications, and the administrator has not explicitly configured the application as Allow or Block.
    Unidentified (Block): The application is blocked because the setting for applications imported from the Appscan XML is Block unidentified applications, and the administrator has not explicitly configured the application as Allow or Block.
    Allow: The administrator explicitly configured the application to be allowed. This setting overrides the Reputation Service classification of the application.
    Block: The administrator explicitly configured the application to be blocked. This setting overrides the Reputation Service classification of the application.
    Terminate: The application is terminated when it tries to access the network, or immediately when it runs if Terminate on execution is selected.

    The Versions for Application section shows the details for each version of the application, including a unique hash value that identifies the signer of the application version. You can block or allow specific versions of the same program. Each version has a unique Version number, Hash, and Created On date.

To configure the allowed applications:

  1. In the Policy tab > Application Control rule, right-click the Allow Applications Action and select Manage All Applications.

  2. For applications and application versions that you know are secure, right-click the application and change the permission setting to Allow.

  3. Click Close.

Users can only use applications that are included in the Allowed Applications List. Those are applications with the status Unidentified (Allow) and Allow.

To configure the blocked applications:

  1. In the Policy tab > Application Control rule, right-click the Blocked Applications Action and select Manage All Applications.

  2. For applications and application versions that you know are not secure, right-click the application and change the permission setting to Block.

  3. Click Close.

Users cannot use applications that are included in the Blocked Applications List. Those are applications with the status Unidentified (Block), Block, and Terminate.

To configure terminated applications:

  1. Configure the Endpoint Security clients and the Compliance policy so that applications can be terminated on the clients. See sk141692.

  2. In the Policy tab > Application Control rule, right-click the Blocked Applications Action and select Manage All Applications.

  3. To terminate an application when it tries to access the network, right-click the application and select Move product to Terminate. Applications that you move to Terminate but that never open a network connection (for example, Windows Notepad and Calculator) are not terminated by this setting alone; use Terminate on execution (step 5) for them.

  4. Click Close.

  5. Optional: To make sure that all terminated applications terminate immediately when they run:

    1. Right-click the Terminated Applications Action and select Manage Terminated Applications List.

    2. Select Terminate on execution.
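The permission table above and the two Terminate options (on network access versus on execution) are easy to misread when auditing a large Appscan import, so the following added example, which is not part of the original page or of Check Point's product code, models the resolution logic as a small Python policy evaluator. It assumes that an explicit per-version setting takes precedence over the product-level setting (the page states only that versions can be allowed or blocked individually), that an executable whose hash is not in the list at all is treated like an unidentified application, and that the hash algorithm is whatever the Hash column shows; the product names, version numbers, dates and hash values in SAMPLE_POLICY are constructed placeholders.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Permission(Enum):
    """The five statuses shown in the Product Rules section."""
    UNIDENTIFIED_ALLOW = "Unidentified (Allow)"
    UNIDENTIFIED_BLOCK = "Unidentified (Block)"
    ALLOW = "Allow"
    BLOCK = "Block"
    TERMINATE = "Terminate"


EXPLICIT = {Permission.ALLOW, Permission.BLOCK, Permission.TERMINATE}
ALLOWED = {Permission.ALLOW, Permission.UNIDENTIFIED_ALLOW}          # Allowed Applications List
BLOCKED = {Permission.BLOCK, Permission.UNIDENTIFIED_BLOCK, Permission.TERMINATE}  # Blocked list


@dataclass
class Version:
    number: str
    file_hash: str                           # the Hash column (constructed values below)
    created_on: str
    permission: Optional[Permission] = None  # explicit per-version setting, if the admin made one


@dataclass
class Product:
    name: str
    versions: List[Version]
    permission: Optional[Permission] = None  # explicit product-level setting, if any


@dataclass
class Policy:
    allow_unidentified: bool      # setting for applications imported from the Appscan XML
    terminate_on_execution: bool  # "Terminate on execution" in the Terminated Applications list
    products: List[Product]


def default_for_unidentified(policy: Policy) -> Permission:
    return Permission.UNIDENTIFIED_ALLOW if policy.allow_unidentified else Permission.UNIDENTIFIED_BLOCK


def effective_permission(policy: Policy, product: Product, version: Version) -> Permission:
    """Assumption: version-level override beats product-level, which beats the import default."""
    for setting in (version.permission, product.permission):
        if setting in EXPLICIT:
            return setting
    return default_for_unidentified(policy)


def find_by_hash(policy: Policy, file_hash: str):
    for product in policy.products:
        for version in product.versions:
            if version.file_hash.lower() == file_hash.lower():
                return product, version
    return None


def decide(policy: Policy, file_hash: str, event: str) -> str:
    """Return 'allow', 'block' or 'terminate' for a process start ('execute') or a network attempt."""
    if event not in ("execute", "network"):
        raise ValueError(f"unknown event {event!r}")
    found = find_by_hash(policy, file_hash)
    perm = effective_permission(policy, *found) if found else default_for_unidentified(policy)
    if perm in ALLOWED:
        return "allow"
    if perm in (Permission.BLOCK, Permission.UNIDENTIFIED_BLOCK):
        return "block"
    # Terminate: always on network access; at start-up only when Terminate on execution is on.
    # A Terminate entry that never opens a socket (Notepad, Calculator) keeps running otherwise.
    if event == "network" or policy.terminate_on_execution:
        return "terminate"
    return "allow"


def list_by_status(policy: Policy, statuses) -> List[str]:
    """Names of product versions whose effective status is in `statuses` (e.g. ALLOWED)."""
    return sorted(f"{p.name} {v.number}" for p in policy.products for v in p.versions
                  if effective_permission(policy, p, v) in statuses)


# Constructed sample import: hashes, versions and dates are placeholders, not real values.
PRODUCTS = [
    Product("7-Zip", [Version("19.00", "3f1a0001", "2019-02-21"),
                      Version("23.01", "9c4e0002", "2023-06-20")]),
    Product("TeamViewer", [Version("15.44", "b7d20003", "2023-08-01", Permission.ALLOW),
                           Version("11.0", "0e550004", "2016-03-10")], Permission.BLOCK),
    Product("BitTorrent", [Version("7.11", "d0a90005", "2022-01-14")], Permission.TERMINATE),
    Product("Notepad", [Version("10.0", "77ab0006", "2021-05-05")], Permission.TERMINATE),
]
SAMPLE_POLICY = Policy(allow_unidentified=False, terminate_on_execution=False, products=PRODUCTS)
STRICT_POLICY = Policy(allow_unidentified=True, terminate_on_execution=True, products=PRODUCTS)

if __name__ == "__main__":
    for name, pol in (("sample", SAMPLE_POLICY), ("strict", STRICT_POLICY)):
        print(name, "allowed:", list_by_status(pol, ALLOWED))
        print(name, "BitTorrent at start:", decide(pol, "d0a90005", "execute"),
              "/ on network:", decide(pol, "d0a90005", "network"))
```

Running the block prints the Allowed list for both policies and shows the BitTorrent entry surviving start-up under SAMPLE_POLICY but not under STRICT_POLICY; the interesting case to check in your own export is the one TeamViewer models here, where a product is Block but one version carries an explicit Allow.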