PC Software Control Group
PC Software Control Group defines the software, services, processes and file for check.
Software: The installation status is checked.
Processes: The running status is checked.
Services: The startup status is checked.
File: Checks the existence of one file or multiple files.
The PC software control group functions together with the security level and security policy:
The security level specifies the measure to be taken (monitor, inform, isolate, kick out or block and kick out) for policy-incompliant software/service/process/file.
A security policy specifies which software must, must not, or allowed to be installed, which processes must or must not be running, which services must or must not be started, and which files must or must not exist on the terminals.
An PC software control can work together with the Installed Allowed defined in the security policy to implement the white software only feature. For example, if a PC software control A is configured as an Installed Allowed one in a security policy, a user under the control of the security policy are only allowed to install the software products in group A. If software products other than these in group A are installed, the user cannot pass EAD authentication.
The MD5 calculation method varies by operating system. The following examples calculate the MD5 value for the test.txt file:
- For Windows operating systems, execute the CertUtil -hashfile "D:\test.txt" MD5 command as the administrator.
- For Linux operating systems, execute the md5sum /root/test.txt command as the administrator.
- For MacOS operating systems, execute the md5 "D:\test.txt" command as the administrator.
Functions
Parameters
- Default Action for Check Failure: Select the default action for check failure in the security level of the PC software control group. This parameter applies to the PC software control group that does not use the global security mode when you add a security level. The global security mode is configured in on the User Security Policy > Security Level page and it has higher priority than this parameter setting.
- Service group: Used to configure the service group to which the current PC software control group belongs. Administrators/maintenancers can add the PC software control group to their associated service groups.
- Logical Combination of Group Items: Select a logical combination of the items in the PC software control group. Options are AND or OR. If OR is selected, only one item is required to be installed. If AND is selected, all items must be installed.
Precautions
- When the logical combination of the items in a PC software control group is set to OR, the system takes the specific measure when any of the items in the group meet the requirements of the security policy. For example:
1) PC software control group A contains Norton, Kingsoft, and Rising. The security policy requires the software programs defined in PC software control group A to be installed on an endpoint. The endpoint can pass the security check when it has any of the three software programs installed.
2) PC software control group B contains QQ and MSN. The security policy prohibits software programs in PC software control group B from being installed on an endpoint. If the endpoint has either of the two software programs installed, it fails the security check. The endpoint can pass the security check only when it has neither of the two software programs installed.
- When the logical combination of the items in a PC software control group is set to AND, the system takes the specific measure only when all of the items in the group meet the requirements of the security policy. For example:
1) PC software control group A contains Norton, Kingsoft, and Rising. The security policy requires the software programs defined in PC software control group A to be installed on an endpoint. The endpoint can pass the security check only when it has Norton, Kingsoft, and Rising installed at the same time.
2) PC software control group B contains QQ and MSN. The security policy prohibits software programs in PC software control group B from being installed on an endpoint. If the endpoint has both QQ and MSN installed, it fails the security check. The endpoint can pass the security check only when it has either or neither of the two software programs installed.
Related Topics