*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
Thirty years from now, if you’re watching a game show, and any of the questions start with “In what year….”, you can almost guarantee that the answer will be “2016”.
In our industry, one of my lasting memories will be the huge increase in ransomware and DDOS attacks that we have seen over the past 12 months.
I’ve lost count of how many household names have made the evening news bulletins, from public sector organizations, like healthcare providers, local and central government, to the biggest names in retail and banking. You’d be forgiven at times for thinking that we were fighting a losing battle. In fact, I’ve heard several ‘experts’ advise that it’s quicker and cheaper to just pay the ransom and move on!
Thankfully, we at AppSense know there is a way to mitigate all this! Many of our customers rely on us to control and protect their end user environments from attack. AppSense Application Manager 10.0, released this previous summer, gave customers more flexible and granular application control and privilege management options than ever before.
Whether you are protecting your physical endpoints or Citrix XenApp environments, our goal at AppSense is to provide you with a comprehensive level of ransomware protection and control, while allowing your users the flexibility to get on with their jobs, undisturbed, and with a great user experience.
Along with an increase in ransomware attacks, 2016 brought us some good news this Autumn. Microsoft announced the release of Windows Server 2016, which officially hit the shelves in October.
Windows Server 2016, with numerous enhancements around security, virtualization and cloud-readiness, is already being adopted at quite a rate and has been received warmly in datacenters everywhere. The release of AppSense Application Manager 10.1 further enhances our support in these key areas, as well as offering more flexibility and ease of use than ever before.
This goal of Application Manager 10.1 has focussed on three key areas:
- Windows Server 2016 Support
- Enhanced Ransomware Protection
- Ease of use
Windows Server 2016 Support
Application Manager 10.1 introduces a completely new driver, allowing a faster and more streamlined experience, along with fewer reboots. This updated and improved driver fully supports Windows Server 2016.
Enhanced Windows Store App Support
We’ve also added further support to the control of Windows Store Applications. Previously, an administrator could choose to block/allow either specific named applications, or all of them. In Application Manager 10.1, we have extended this support to include the ability to block/allow all applications based on the ‘Publisher’ of the App, allowing control of Windows Store applications with fewer rules.
Windows 10 OS Condition
When creating a rule targeting Windows 10 devices, Application Manager now allows conditions using the Windows 10 build number (minimum, maximum, greater than, less than and equals).
Administrators may now block/allow applications, or elevate/restrict privileges, based on the Windows 10 build number.
Enhanced Ransomware Protection
Protecting our customer’s environments from ransomware while still giving users the access that they need to do their jobs is important to us. It’s easy to just ‘slam the doors shut’ and not let anything unknown in to your environment, but does that make your users productive? To optimize user productivity, you must meet users halfway, by giving them the access and privileges that they need, but without compromising your security.
In Application Manager 10.1, we’ve gone even further to ensure that you’re protecting your environments AND your users remain productive!
Do your admins occasionally need to run PowerShell scripts? If so, you’ve probably had to leave powershell.exe open for them to use, and at the same time, open to being exploited!
This means that administrators can identify safe PowerShell scripts and Java archives without allowing users to introduce unknown ones.
For more on Trusted Ownership, watch this video.
Process & Configuration Protection
To help ensure users cannot circumvent protective measures, Application Manager prevents administrators from terminating the Application Manager process or tampering with Application Manager.
The “System Controls” feature of Application Manager 10.1 has been extended to include the protection of any process, so that those specified processes are protected from termination by users, including local administrators.
For example, an Antivirus process can be protected from termination by all users, including admins.
Extended Metadata by checking Digital Certificate
How can you be sure that the files on your whitelist are what they seem? How can you be sure they’re not a nasty virus masquerading as a good application?
When verifying a file using metadata, administrators may now optionally compare the entire certificate to determine the authenticity of the file.
Checks can be made against the entire certificate for validity and that the certificate hasn’t been revoked.
Ease of Use for Administrators
Application Manager 10.1 has several enhancements that simplify configuration process for Administrators and provide more flexibility in creating end user configuration policy.
Self-Elevation allows users to get admin privileges when they require them to run an application. This allows Administrators to remove admin rights in their environment, but still allow specific users the ability to ‘elevate’ their privileges for certain apps if they need to.
In Application Manager 10.1, Self-Elevation has been extended to support all file types, and Administrators may also specify that certain file extensions may only be elevated when open with certain applications (.vbs with wscript.exe, for example).
Policy Change Request options moved to ‘per-rule’
Policy Change Request allows ad-hoc, offline and emergency changes to Application Manager configurations. If a user needs urgent access to an application, they can request this in real time (over the phone, or via email), and that request can be granted without the need to roll out a whole new configuration.
Previously only set globally, with v10.1, Administrators can enable the Policy Change Request feature on a per-rule basis. This allows Policy Change Request to be enabled for some users, and not for others.
Extended Audit Logging
Finally, Application Manager 10.1 makes Auditing much clearer, by including new information in the audit logs to make it easier than ever to discover what happened, when, and why:
- New Events: Services Started/Stopped
- Parent Process name now included in 9000 events
- File Owner now included in 9000 events
- The Determining Rule that applied the policy is now included in events
For more on Auditing, watch the video.
For further information on AppSense Application Manager, please visit www.appsense.com.