Configuring Application Permissions in the Application Control Policy

Applications that were uploaded with the Appscan XML file are allowed by default. You cannot change the default action for the uploaded applications.

After the applications are uploaded, you can review the actions for each application in the Application Control policy.

For applications and application versions that you know are secure, change the permission setting to Allow.

If you know the applications or application versions are not secure, change the permission setting to Block.

You can also configure blocked applications to be terminated when they are started, or when they try to establish a network connection.

To review the policy settings for applications and application versions:

  1. In the Policy view, go to Access > Application Control > Application Management > Edit Application Control Policy.

  2. The Action column shows the permission for each application. Left-click the Action column to select the permission.

    Permission   Explanation
    Allow        The application is allowed.
    Block        The application is blocked.
    Terminate    The application is terminated when it tries to access the network or immediately when it runs.

  3. The Version column shows the details for each version of the application, including a unique hash value that identifies the signer of the application version. You can block or allow specific versions of the same program. Each version has a unique Version number, Hash, and Created On date.

To configure termination settings:

  1. In the Policy view, go to Access > Application Control > Application Management.

  2. Select one of these options:

    • Terminate on execution - Selected by default. Makes sure that all terminated applications terminate immediately when they run.

    • Terminate on connection - Terminates an application when the application tries to access the network.

Application Control in Backward Compatibility Mode

Default Action for Unidentified Applications

Changing the default action for unidentified applications is only supported in backward compatibility mode.

To enable backward compatibility mode:

  1. Go to Endpoint Settings > Policy Operation Mode.

  2. Go to the required policy and select Mixed mode.

To change the default action for uploaded applications:

  1. In the Policy view, go to Access > Application Control > Application Management > Default action.

  2. Select the required default action.

Configuring the Application Control Policy

In addition to Allow, Block and Terminate, there are two more actions that you can configure in backward compatibility mode:

Unidentified (Allow) - The application is allowed because the default setting for applications that are imported from the Appscan XML is Allow, and the administrator did not change this action.

Unidentified (Block) - The application is blocked because the default setting for applications that are imported from the Appscan XML is Block, and the administrator did not change this action.