App Control: What Are The Best Ways to Identify and Mitigate Unwanted Software in My Environment?
search cancel

App Control: What Are The Best Ways to Identify and Mitigate Unwanted Software in My Environment?

book

Article ID: 286790

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

What Are The Best Ways to Identify and Mitigate Unwanted Software in My Environment?

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Resolution

  • Identify:
    • Create a baseline report with a "pristine" computer to help measure software drift. (Reference the User Guide for your version for more information).
    • Search for commonly known software that does not fit your usage policy (Steam, iTunes, Spotify, BitTorrent, etc...) in your file catalogue).
  • Mitigate:
    • Run high enforcement policies to block unapproved software.
    • Create Execution Block rules for application executables.
    • Unapprove or Ban certificates of software you wish to block.
    • Disable or adjust the Reputation based approval setting to limit what gets automatically approved.

Additional Information

  • The "pristine" computer should be a reflection of what you want computers in that policy/drift report to look like software wise.
  • Creating and enforcing an approval pipeline for software will help drastically in controlling what software runs in your environment.
  • Manually setting an approval or ban on a certificate/file will override the Reputation approval setting.
Powered by Wolken Software