Author Topic: Restricted Applications list  (Read 24175 times)

Offline bellgamin

  • Newbie
  • *
  • Posts: 31
  • Kudos +1/-0
Restricted Applications list
« on: January 13, 2020, 05:34:38 AM »
REGARDING SAP's GUI>AppSettings>Application Whitelising>Advanced Settings>Restricted Applications

In SAP website's Knowledge Base, I could find no information about using this Restricted Applications panel.

I notice that the list of Restricted Applications is NOT activated by default when SAP is installed.

QUESTIONS:

A) I *assume* that checking the box beside any given app will activate it as a restricted app. If my assumption is CORRECT, then my question is this: Why doesn't SAP activate this entire list by default? ? ? 

B) What exactly does SAP do when an app on this list runs? Will it alert me or what?

C) For maximum protection --- Should I check all boxes for the entire list? Add to the list? Or.......?

By the way, SecureAPlus is really REALLY excellent!!!

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 351
  • Kudos +16/-0
Re: Restricted Applications list
« Reply #1 on: January 13, 2020, 09:46:29 AM »
The support page for restricted application is at the following: https://support.secureaplus.com/how-can-i-set-applications-as-restricted-application/

A) The check box is to select the item. For example if you want to remove a specific item, tick on the checkbox, and click on Remove button, then the ticked items will be removed.
    All the items are activated regardless of the ticked.
B) It will prevent the application to be set as a trusted installer. When a file is set as a trusted installer, any files created by it, will be automatically trusted (https://support.secureaplus.com/what-are-the-trust-levels-in-application-whitelisting/). A file can be automatically promoted to a trusted installer if the trust by digital signature is enabled (https://support.secureaplus.com/how-can-i-manage-my-application-whitelisting-mode-using-digital-signature/). For security reason, some files, although they are signed, you may never want it to turn into a trusted installer. For example, when a Chrome browser (signed by Google) created an executable file, since the digital signature is trusted, it can be automatically promoted to a trusted installer, but you may not want this to happen, as you don't want any files downloaded by Chrome browser to be automatically trusted. To prevent it to become a trusted installer, Chrome.exe is one of the application in the restricted application list.
C) No, you don't need to tick any of them, unless you are planning to delete them (tick and click on Remove button)

Thank you very much for the compliment. We hope for your continue support on SecureAPlus.