8 results found

1. Freigabe von Skripten in der Application Control

   Es sollte möglich sein, bestimmte Skripte durch die Application Control freizugeben. Rein generell soll es Usern ja lieber nicht möglich sein die cmd.exe oder Powsershell.exe auszuführen. Teilweise ist dies aber für einige Programme erforderlich, sodass bestimmte Skripte ausgeführt werden müssen. Diese Skripte liegen unter fest definierten Pfaden auf Servern oder lokal) und können durch die User im Normalfall nicht bearbeitet werden. Zudem wäre es möglich, Powershellskripte zu signieren und das dazugehörige Zertifikat + Pfadangabe würde so zu einer erhöhten Sicherheit bei der Freigaberegel beitragen. Also eigentlich wie bei einer Datei-Eigenschaftsregel oder meinetwegen eine Erweiterung der Datei-Eigenschaftsregeln durch Angabe von Skripten

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   2 comments  ·  Application Control  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   released  ·  AdminAndreas Fuchs (Product Management, DriveLock SE) responded

   What is already possible today is authorization for individual scripts. In addition, you can build rules that check whether a parameter following PowerShell, for example, is permitted or not. This is possible with AC or Application Behavior Control (ABC).

2. DOC Companion should be part of ALF special rule DriveLock

   Even if a "DriveLock" special rule is created to allow drivelock components to runf doc-companion is blocked by AC. DOC-copanion online and offline installer should be include into the special Drivelock-Rule.

   3 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Application Control  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   released  ·  AdminAndreas Fuchs (Product Management, DriveLock SE) responded

   Since 2023.2 the installed doc companion (not the one downloaded by the user) is now included in the "installed drivelock components" special ac rule

3. App Control: Allow multiple hash algorithms simultaneously

   Current settings allow specifying only one hash algorithm before creating any AC rules. There is an increase in the use of indicators of compromise (IOCs) which some customers use to protect against emerging or existing threats. Usually those IOCs will contain hash values of known-bad files (malware) to be imported and blocked. However, depending on the intelligence source, such hash values can be based off various hashing algorithms, which will be a problem for DriveLock customers who are using a different hash algorithm. The suggestion is to support the use of multiple hash algorithms at the same time both when scanning endpoints and when manually creating blacklist/whitelist rules. Among the suggested and most commonly used algorithms are MD5, SHA1 and SHA256.

   Current settings allow specifying only one hash algorithm before creating any AC rules. There is an increase in the use of indicators of compromise (IOCs) which some customers use to protect against emerging or existing threats. Usually those IOCs will contain hash values of known-bad files (malware) to be imported and blocked. However, depending on the intelligence source, such hash values can be based off various hashing algorithms, which will be a problem for DriveLock customers who are using a different hash algorithm. The suggestion is to support the use of multiple hash algorithms at the same time both when… more

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   released  ·  0 comments  ·  Application Control  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

4. DCC Reporting zusätzliche Spalte: Aufrufender Prozess

   Nach der Einführung der Anwendungs-Berechtigungen wäre es praktisch im ControlCenter in den Ereignisreports eine Spalte "Aufrufender Prozess" auswählen zu können.

   2 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Application Control  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   released  ·  AdminUdo Riedel (CTO, DriveLock SE) responded

   2020.1

5. Application Control - Erstellung der Hash-Datenbank manuell steuern

   Den Start der Erstellung der Hashdatenbank steuerbar gestallten. Sprich... dem Benutzer die Möglichkeit geben, den Start selbst einzuplanen und das nicht sofort auszuführen, sobald die Policy "empfangen" wurde.

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   1 comment  ·  Application Control  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close
   released  ·  AdminUdo Riedel (CTO, DriveLock SE) responded

   2020.1

6. add hash to whitelist from log

   Use the Log files received to add directly into a Policy - Application Control Hash file.

   3 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   released  ·  1 comment  ·  Application Control  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

7. Bemerkungsfeldes im Dialogfeld „Eigenschaften einer Hashdatenbank“

   Wir bitte um Erweiterung des Bemerkungsfeldes im Dialogfeld „Eigenschaften einer Hashdatenbank“ auf mind. 2048, besser noch 4096 Zeichen.
   Begründung:
   Wir schreiben in die Bemerkung i.d.R. die Namen der gescannten Softwarepakete und das Scandatum bzw. den Versionsstand. Um dort 50 Einträge speichern zu können würden ca. 2048 Zeichen benötigt. Für 100 Einträge wären ca. 4096 Zeichen notwendig.

   2 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   released  ·  0 comments  ·  Application Control  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

8. Controll and Block specific child processes

   Als Administrator möchte ich kontrollieren können, welche Applikationen CMD,Powershell,CScript etc. als Kind-Prozesse starten können.
   So hätte ich einen besseren Schutz vor sogenannten Fileless-Attacken.

   As an administrator I want to be able to control which applications CMD,Powershell,CScript etc. can start as child processes.
   This would give me better protection against fileless attacks.

   2 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   released  ·  0 comments  ·  Application Control  ·  Delete…  ·  Admin →
   How important is this to you?

   Nice to have You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close