Protection Settings
Configure the following settings:
Protection Status
Enable Protection – select this option to launch only the approved applications.
Disable Protection – select this option to launch all applications.
Settings
Deployment options
Choose one of the following deployment options:
Option 1: Staged Deployment
Staged Deployment on computers with unauthorized software. Select this option and click Next. The staged deployment has 3 steps:
• Stage 1 – Audit only (build a Policy Control List): In this stage, Anti-Executable runs in logging mode to collect information about the files and executables launched on the computers. All files are allowed to run on client computers and file executions are logged. Unknown files are allowed to launch and violations are logged in the Anti-Executable Dashboard.
> Allow All Windows OS files – add all Windows OS files to the Local Control List as Allowed.
| To keep the Local Control List updated with all Windows OS files after installation, run Windows Updates during Maintenance Mode. |
• Stage 2 – Partial Protection (enforce Policy Control List and Allow Unknown files): In this Stage, files specified in the Policy Control List are Allowed or Blocked as defined. All files not specified in the Policy Control List (unknown files) are allowed to execute and reported as violations in the Anti-Executable Dashboard.
> Allow All Windows OS files – add all Windows OS files to the Local Control List as Allowed.
• Final Stage – Full Protection (Enforce Policy Control List and Block Unknown files): In this stage, the Policy Control List is enforced and all Unknown files are blocked. Files specified in the Policy Control List are Allowed or Blocked as defined. All files not specified in the Policy Control List (Unknown Files) are Blocked and reported as violations in the Anti-Executable Dashboard.
> Allow All Windows OS files – add all Windows OS files to the Local Control List as Allowed.
Option 2: Deploy on newly Installed or Imaged computer environment
This option authorizes everything that's pre-installed on the computer for execution and creates a Local Control List. All executables installed on the computer are allowed to run unless it is explicitly blocked in the Anti-Executable Dashboard.
In this option, the Policy Control List is enforced. Unknown Files are blocked and violations logged in the Anti-Executable Dashboard.
| To globally block files on client computers, add those files as Blocked in Policy Control List. File and folder authorization set in Policy Control List, overrides authorization set in Local Control List. |
Option 3: Custom Deployment
The custom deployment is based on your unique requirement which can be configured in the policy. Configure the following settings:
Authorization Settings:
• Policy Control List – A Policy Control List contains a list of files and executables for the particular policy with the information if the file is Allowed or Blocked. Select one of the following options:
> Enforce. Log Violations – enforce the Policy Control List and log the violations in the Anti-Executable Dashboard. The files will be Allowed or Blocked as specified in the Policy Control List.
> Do Not Enforce. Log Violations – do not enforce the Policy Control List and log the violations in the Anti-Executable Dashboard.
• Unknown Files – Unknown Files are the files that are not in the Local Control List or Policy Control List. Select one of the following options:
• Scan all files and create a Local Control List during installation – scan the computer and create a Local Control List of all files present on the computer when the Anti-Executable Client is installed.
• Allow All Windows OS files – add all Windows OS files to the Local Control List as Allowed.
| To keep the Local Control List updated with all Windows OS files after installation, run Windows Updates during Maintenance Mode. |