Configure Application Groups

Application Groups

Endpoint Central enables administrators to categorize applications into logical groups based on criteria like department, role, function, or any other relevant classification, enhancing visibility and control. There are two main types of listing namely Allowlist and Blocklist.

To effectively control applications, first identify those installed on endpoints. Endpoint Central's agents scan every endpoint and provide the inventory of the applications and their executables, enabling you to create application groups. Refer below to create application groups.

Application Allowlisting

Application allowlisting permits only pre-approved applications to run on endpoints, while blocking all other software, mitigating malware and unauthorized software installations. By creating a list of trusted applications and permitting only those to run, Endpoint Central ensures that endpoints remain secure and protected from potential threats.

Application Blocklisting

Application blocklisting restricts the execution of specific unauthorized or malicious applications. Endpoint Central enables admins to create and manage a blocklist. By maintaining this blocklist, administrators can proactively safeguard their endpoints from known security risks, such as malware or unauthorized software.

Create Application Groups

  • Login to the Endpoint Central web console and navigate to App Ctrl -> Application Groups.
  • Click Create Allowlist or Create Blocklist, based on the type of application group you wish to build.
  • Choose Windows or Mac OS according to the systems the group is being created for.
  • Once inside this module, give the application group an apt name and description, if required.

    create app group

  • Initially, all the installed applications discovered in the systems with agents will be displayed to you, as the All option will be selected by default. The application groups can be created using the filters and custom rules to choose the applications. To know more about the filters applicable for Windows and Mac, refer to these pages.
  • Once you have specified all the necessary rules to add your required applications, you can proceed to click Create.

Filters in Creating Application Groups for Windows

The applications can be added to specific groups using the different filters while creating an application group. All the discovered applications will be checked to see if they comply with the rules set and will be added to the application group based on this. The different rules that can be set are based on the vendors, product names, executables with valid certificates and the hash value of the EXE(s). Click on the drop-down button near 'All' if you wish to specify any other rule. The other filter rules are as follows:

Filter Rules

Trusted Vendors

Trusted Vendors are those software companies that have digitally signed their software with a code signing certificate to verify its authenticity and integrity. Trusting software vendors without valid certificates can cause backdoor attacks. Publisher verification gives app users and organization admins information about the authenticity of the developer's organization. The trusted vendors will be listed and once added to an application group, the applications of the selected vendors will be allowlisted/blocklisted.

Vendors Rule

Product Name

This filter can be used to add specific applications from different vendors. The discovered applications will be listed according to the product name.

Product Rule

Verified Executables

Applications are composed of several executable files. To ensure authenticity, each executable is digitally signed by the vendor. Application Control shows you these verified files, allowing you to select which ones can be run (allowlisted) or blocked. This is crucial for network security, as any executable with a tampered digital signature will be prevented from executing.

Executable Rule

File Hash

This filter relies on the unique hash value of each executable file. This means that all running processes, even those without valid digital certificates, will be shown to you for review.

File Hash Rule

Folder Path

The applications under a folder can be allowlisted/blocklisted by specifying the folder path. You can put all the applications that you trust into a folder to group those apps in one go.

Folder Path Rule

StoreApps Rule

Along with facilitating the grouping of legacy applications, Application Control also provides support for Windows 10 and 11 Store Apps. This rule discovers all the StoreApps that run in the managed endpoints and lets you instantly group the applications of your choice.

Storeapps rule

Custom Rule

This feature lets you define custom criteria such as the vendor, product name, verified executable, or file hash to create application rules that are not detected in your network.

Custom Rule

Filters in Creating Application Groups for Mac

The applications can be added to specific groups using the different filters while creating an application group. All the discovered applications will be checked to see if they comply with the rules set and will be added to the application group based on this. The different rules that can be set are based on the vendors, application names, executables with valid certificates and the hash value of the EXE(s). Click on the drop-down button near 'All' if you wish to specify any other rule. The other filter rules are as follows:

Filter Rules

Vendors

Publisher verification gives app users and organization admins information about the authenticity of the developer's organization. When an app has a verified publisher, this means that the organization that publishes the app has been verified as authentic. The vendors will be listed and once added to an application group, the applications of the selected vendors will be allowlisted/blocklisted.

Vendors Rule

Application

This filter can be used to add specific applications from different vendors. The discovered applications will be listed according to the product name.

Product Rule

Binary

The executable files in mac are called binaries and this filter can be used to add the binary files of the applications.

Binary Rule

File hash

This filter relies on the unique hash value of each executable file. This means that all running processes, even those without valid digital certificates, will be shown to you for review.

File Hash Rule

Folder Path

The applications under a folder can be allowlisted/blocklisted by specifying the folder path. You can put all the applications that you trust into a folder to group those apps in one go.

Folder Path Rule

Custom Rule

This feature lets you define custom criteria such as the vendor, product name, verified executable, or file hash to create application rules that are not detected in your network.

Custom Rule

Application Group Summary

The summary of the application groups created can be viewed by selecting the specific application group. The rule details and the associated custom groups will be listed in the application group summary.

App Group Summary

Allow All Child processes

Child processes are processes initiated by running applications. While they can be vulnerable, this setting enables trusted applications to create child processes securely. By allowing only authorized applications to spawn child processes, you can significantly reduce the risk of security breaches. The child processes of the applications would run even if they are blocked.

To configure child process, follow the steps given below:

  • Login to the Endpoint Central web console and navigate to App Ctrl -> Child Process.
  • In the Global Child Process Configuration, select the applications that will be able to run child processes.
  • Click Apply.

You have successfully enabled a child process.

Child Process

If you have any further questions, please refer to our Frequently Asked Questions section for more information.