When created restricting rule and user try to run restricted by this rule app he see CES popup message “Sandbox… app blocked”. Ok, but here have button “Dont isolate next time”. So user can override global rule?
The user can interact with the GUI from CCS but this is mainly a security breach if the user has the ability to white-list viruses.
In case versions of the same file appeared then the user will have to this again, in the console you can do white-listing by path for entire departments, for folders and subfolders.
The option is already available in the Windows profiles, but by default the option to not show pop-up alerts is enabled for the reasons presented above.
By default end user can whitelist any application and I dint find where I can setup it.
Both HIPS and Containment (Sandbox) have these kind of pop-ups. They can be disabled as shows here:
As shown in manual - “Add Profiles section - Containment” - there are no such option at ITSM interface.
Hello @Sergey ,
Indeed, the pop up is available only for HIPS, however the system is not designed to allow end users to manage the security on their endpoints, since is enough to have only one end user to allow a malicious file to run to infect an entire network. You could allow an end user to whitelist a file temporarily, however ITSM will overwrite the changes made locally with those that are defined by the administrator in the profile applied to that machine.
The question was why end user CAN OVERRIDE global security settings by default? I dont want this, but when end user start test app - he can choose “Dont virtualize anymore…”
Hello @Sergey ,
No, this can’t be done, as it would defy the purpose of centralized management. However, if you allow an user to do so (through profile), he can temporarily disable one of the component that he thinks that it could cause the issue.
Please be sure that below option is enabled on active profile.