Hi! How to setup blocking of applications set? For example MAIL.RU-update.exe, MAIL.RU (folder), MAIL.RU-agent.exe - how to block apps using filename masks?
Depending on what or where you want to block the .exe file, it can be done by going to the associated profile for the device/device group and edit it.
In order to substitute file paths, extensions and so forth you can use the following rules/conventions:
?:\ - this substitutes any disk drives
\xxx.exe - This substitutes any folder path. It will be interpreted as all instances of xxx.exe regardless of the path.
*\ - This substitutes a portion in a file name path that may change depending on the username for example C:\Users*\Roaming\Microsoft\Windows
C:\random - Will match any files in folders with names starting with “random”, for example: C:\random, C:\randomname, C\randomfolder, C:\randomsomething etc. This is usually used as C:\Program Files*\ to exclude both Program Files\ and Program Files (x86) on 32 bit and 64 bit machines.
C:\folder*.* - Will match all files in the current directory, but none in sub-directories.
C:\folder*- Will match all files in the current directory and sub-directories.
*.exe - Will match any application with exe extension.
Add Antivirus Section to profile? And options there?
In the profile, go to Sandbox > Rules > Add Rule
Type: choose a file group or just the file path if you have just a few items
The rest of the options are there to make a more complex rule, depending on the source, reputation of the file and so forth.
Sanbox rule: Run restricted, File path=360 and 360*. But app dont blocked and runs without any prompts. Why? How to block start of this app?
Please send us the profile so we can see the rules that you have created. We will then advise further.
Got to ITSM -> Configuration Profiles -> Profiles -> select the profile and export it.
How many time need for workstations get new rules?
No more than a few minutes, depending on how you set it up in the console. You can use the “Refresh Information” after selecting a device and this will hurry up the process.
“Refresh information” - updates devices setiings, not C1 portal data?
When it updates the portal data, the connection between the Agent from the machine with the server. This also checks if the profile is correctly applied.