Anti-Executable Dashboard

EN : Using Deep Freeze Cloud Console : Anti-Executable Service : Anti-Executable Dashboard

The Anti-Executable Dashboard provides a dynamic view of the Anti-Executable activity across all computers. Anti-Executable actions can be performed directly from the dashboard.

Go to Home > Anti-Executable Dashboard to launch the Anti-Executable dashboard.

Overview

The following dynamic widgets are available:

• Protection Status – shows the number and % of computers where Anti-Executable is Enabled vs Disabled.

• Violations – shows the breakdown of violations count based on different violation types.

• Violations by Policies – shows the number and % of violations by policy name.

• Violations by Groups – shows the number and % of violations by group name.

• Violations History – shows the detailed violation history with the Date, File Name, Computer, Policy, Group, Violation Type, Status, and Violations.

• Daily Violation – shows a graph of number of violations by date.

• Violations Trend – Weekdays – shows a graph of number of violations by weekday.

• Most Blocked Programs – shows a graph of the most blocked program with the number of violations.

• Computers with Most Violations – shows a graph of computers with the most number of violations.

• Computers – shows a list of computers with the AE Status, AE version, Policy, Group, and Violation Report, and where you can select on which computers to perform Live Actions (Enable Protection, Disable Protection, Enable Maintenance Mode, Initiate a Local Control Scan).

File Events

File Events pane captures and summarizes Anti-Executable events in the context of a file. Files that need to be reviewed by the administrator are in bold.

Actions: Allow and Block actions have the following options:

• In All Policy Control List – This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

• In Reported Policy Control List – This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

The table has the following fields:

• Event Type – The following Event types are shown:

> Unknown File Allowed – a file that is not defined in Policy Control List or Local Control List, but is allowed to execute in Audit mode or Unknown File is set to Allow in Policy Settings.

> Unknown File Blocked – a file that is not defined in Policy Control List or Local Control List, or Unknown File is set to Block in Policy Settings.

> Block Override – a file that is defined as Blocked in Policy Control List but is allowed to run since Anti-Executable is running in Audit mode with Policy Control List settings not enforced.

> Control List Blocked – this event is logged when a file that is specified as Blocked in Policy Control List or Local Control List tries to execute and is blocked by Anti-Executable.

> Add – Maintenance Mode – this event is logged when a new file is added on a computer and it is not defined or present in Local Control List or Policy Control List.

• Add – AE Admin – An unknown file that gets blocked but an AE Admin chooses to add it to local client side file exceptions.

• Name

• Details

• Product Name

• Count

• On Computers

• In Policy

• Groups

• Actions

• Action Taken

Computer Events

Computer Events summarizes Anti-Executable events keeping a specific computer in context. Computers that need to be reviewed by the administrator are in bold.

Actions: Select one or more events and click Enable Protection.

The table has the following fields:

• Event Type – The following Event Types are shown:

> Anti-Executable protection disabled over 12 hours

> Anti-Executable protection disabled over 6 hrs but less than 12

> Anti-Executable computer in maintenance mode for over 6 hours

> Anti-Executable computer in maintenance mode for over 3 hrs but less than 6

> Computers with violations (highest count will show up first in the grid)

> Computers with new files added in Maintenance (highest count files show up first)

• Computer Name

• Count

• Last Reported

• In Policy

• Tags

• Groups

• Action

• Action Taken

AE Policy Stats

AE Policy Stats shows the status of each Anti-Executable policy. It clearly shows the deployment type for the Anti-Executable policy and other policy related information. The edit option allows administrators to change the Deployment type or change the Stage in the 3 stage deployment.

Actions: Hover your mouse on any of the Policies and click Edit to change the Deployment Type if required.

The table has the following fields:

• Policy Name

• Deployment Type

• Computers

• Unknown Files

• Files in Control List

• Unknown Files Violations in the Last 14 Days

• Policy Deployment Completion

Client Event Logs

Client Event Logs shows events occurring on the Anti-Executable client and reported to Deep Freeze Cloud by all computers where it is installed. This log will be a combination of all Anti-Executable events reported and displayed in order of the time the event occurred on the computer.

Actions: Select one or more entries and click Allow or Block. Allow and Block actions have the following options:

• In All Policy Control List – This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

• In Reported Policy Control List – This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

• In Reported Computer’s Local Control List – This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

The table has the following fields:

• Computer Name

• File Name

• Event Description – The following Event types are shown:

> Unknown File Allowed

> Unknown File Blocked

> File Added in Local Control List in AE Maintenance Mode

> File Added to Local Control List by AE User

> File Blocked - Defined block in Control list

• Time Stamp

• User

• Tags

• Group

• Policy

• Set Authorization

• Action Taken

Client Side File Exception

Client Side File Exception is a collection of all file exceptions added across all Anti-Executable computers that include the following situations:

• Local Control List in maintenance mode

• Files Added to Local Control List by Anti-Executable Administrator

• Files added to only Local Control List

Actions: Select one or more entries and click Allow or Block. Allow and Block actions have the following options:

• In All Policy Control List – This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

• In Reported Policy Control List – This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

• In Reported Computer’s Local Control List – This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

The table has the following fields:

• Computer Name

• File Name

• File Version

• Local Authorization

> Allowed - AE Maintenance

> Allowed - AE User Local

> Blocked - AE User Local

• Group

• Policy

• Set Authorization

• Publisher

• Product Name

• Comment

• Time Stamp

• Added By

Local Control List

Local Control List provides a dynamic table showing the Local Control List with all files for each computer managed by Anti-Executable. Select or search for the computer in the View Local Control List of Computer field. Select a computer to retrieve its Local Control List. A task is initiated and the Local Control List will be retrieved within 10 minutes.

Actions: Select one or more entries and click Allow or Block. Allow and Block actions have the following options:

• In All Policy Control List – This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

• In Policy Control List – This option Allows or Blocks the file in Policy Control List selected from the list.

The table has the following fields:

• File Name

• File path

• File Version

• Set Authorization

• Publisher

• File Hash

• Product Name

• Comment

• Time Added

• Added By

Central List

Central List tab provides a dynamic table which is an aggregation of all files reported across all Local Control Lists. Actions can be performed directly from the Central List tab.

Actions: Select one or more entries and click Allow or Block. Allow and Block actions have the following options:

• In All Policy Control List – This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

• In Policy Control List – This option Allows or Blocks the file in Policy Control List selected from the list.

The table has the following fields:

• File Name

• File Version

• Publisher Name

• Hash

• Product Name

• Comment

• Date