Add/Modify PC Software Control Group
Use this function to add or modify PC software control groups.
Operation Procedure
- Click the User Security Policy link on the User tab, then the PC Software Control Group link on the page that appears.
- Click Add or the icon corresponding to the PC software control group.
- Type the basic information, and then select the default security mode.
- Specify the software, process, service or file (click the Add button and configure it on the pop-up page).
- Click OK.
Parameters
- Default Action for Check Failure: Select the default action for check failure in the security level of the PC software control group. This parameter applies to the PC software control group that does not use the global security mode when you add a security level. The global security mode is configured on the User Security Policy > Security Level page and it has higher priority than this parameter setting.
- Service group: Select a service group for the PC software control group. The service group ensures privilege management of the PC software control group. The administrators and maintainers can add the PC software control group to one of the service groups to which they have the management privilege.
- Logical Combination of Group Items: Logical combination of the items in the PC software control group.
- Second-Check Interval: If the first check fails, the system does not report the check result. After the second-check interval expires, the system performs another check, and reports the check result if the check still fails. The value range of this parameter is 0 to 60 seconds. The value of 0 indicates the system immediately reports the check result if a check fails.
- Stop Forbidden Services/End Forbidden Processes: When you select Service for the Type field, the Stop Forbidden Services field is displayed. When you select Process for the Type field, the End Forbidden Processes field is displayed. You can select Yes or No for both fields. When the iNode client detects a forbidden service or process and the policy is Forbidden, the iNode client determines whether to stop that service or end that process based on your selection.
Precautions
- The PC software control group name is not editable after it is added, and must be unique.
- When modifying a PC software control group, you are not allowed to modify the type to which the PC software control group belongs.
- If you enable global security mode and select a global mode, this mode applies to all the PC software control groups no matter what security mode for each group policy you have selected. If the global security mode is not enabled, the security mode is the one you have selected when you add the PC software control group.
- A PC software control group must contain at least one software product, service, process or file.
- Type the software name exactly as it appears in Windows Control Panel > Add or Delete Programs. The software name cannot contain semicolons (;). It can start or end with an asterisk (*) as a wildcard.
- In a Windows OS, the name of a process must be consistent with that of the process in Windows Task Manager > Processes. In a Linux OS, the name of a process must be consistent with that of the process in the output of the ps -ef command. In a Mac OS, the name of a process must be consistent with that of the process in the output of the ps -awwx -o command command. Characters { | < > / % & ' \ " , ; * } are not allowed in the process name.
- The iNode client does not check system kernel processes that have a slash (/) in the name. For example, if INC requires checking of the events processes, the iNode client skips the system kernel processes such as events/0, and only checks non-kernel processes such as warning/events.
- For Windows, the service name must be consistent with that in the properties of the service listed in Services of Administrative Tools of the Windows Control Panel. For Linux, the service name must be consistent with that in the output of the service --status-all command. For Mac OS, the service name must be consistent with that in the output of the service --list command. The service name cannot contain any of the following characters: { | < > / % & ' \ " , ; * }.
- Software alias: When a terminal fails the software installation and running check, if the rule-breaking software has an alias, the iNode client displays the alias. If not, the iNode client displays the software name. It is recommended to configure an alias for software if the software's name is hard to understand or you want to use another name for the software. Note that when the software group configured is used as a software allowlist, the software descriptions will never be displayed because allowlist software is approved software. A software alias cannot contain semicolons (;).
- Service alias: When a terminal fails the service startup check, if the rule-breaking service has an alias, the iNode client displays the alias. If not, the iNode client displays the service name. It is recommended to configure an alias for a service if the service's name is hard to understand or you want to use another name for the service. A service alias cannot contain semicolons (;).
- Process alias: When a terminal fails the process running check, if the rule-breaking process has an alias, the iNode client displays the alias. If not, the iNode client displays the process name. It is recommended to configure an alias for a process if the process's name is hard to understand or you want to use another name for the process. A process alias cannot contain semicolons (;).
- File alias: When a terminal fails the file existence check, if the rule-breaking file has an alias, the iNode client displays the alias. If not, the iNode client displays the file name and file path. It is recommended to configure an alias for a file if the file name and file path are hard to understand or you want to use another name for the file. A file alias cannot contain semicolons (;).
- Keyword Type: When the String option is selected, the keyword will be searched in .txt files only. When the Hexadecimal/Binary option is selected, the keyword will be searched in all types of files.
- When you configure a file for a PC software control group, the file path and name are the absolute path and name of the file. A Windows file path must start with x:\, where x represents a drive letter. A Linux or Mac OS file path must start with a slash (/). The file name must contain the file extension name, which cannot contain any of the following characters: * ? ; | # < > .
- When you configure a file for a PC software control group, the string-type keyword does not allow the following characters: { + ; }. The Hexadecimal/Binary-type keyword allows only 0 to 9 and A to F, and must be of an even length.
- The version information is editable for the software to be added, while for the process and service, it is not available.
- You can set the check type for a process-type PC software control group. The check type can be Simple, Complex, or MD5. Use the Simple option when the process does not have a source file name. Use the Complex option to check the pseudo process, because its source file name is different from the image name on the Processes tab of Windows Task Manager. Use the MD5 option for an advanced check. You need to calculate the MD5 digest of the software by using the embedded tool, and then send the MD5 digest to the iNode client. The iNode client checks whether the endpoint user is using the required process according to the digest.
- MD5 check rule for a required process: Matches the process name in Windows Task Manager and the MD5 digest configured for the process in INC. If both the process name and the MD5 digest are matched, the terminal user passes the security check; otherwise, the user fails the security check.
- MD5 check rule for a prohibited process: Matches the process name in Windows Task Manager and the MD5 digest configured for the process in INC. If neither the process name nor the MD5 digest is matched, the terminal user passes the security check; otherwise, if either of them is matched, the user fails the security check.
- When modifying a PC software control group, you are not allowed to modify the service group to which the PC software control group belongs.
- Complex check and MD5 check for processes are supported on Windows only, but not on Linux and Mac OS.
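
The two MD5 check rules above (required process and prohibited process), worked through on sample data. This is an added example, not INC or iNode code: the Rule class, the passes and evaluate functions, the process names and the image bytes are all constructed. It assumes that matching runs over every process on the terminal and that names compare case-insensitively.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str       # process name as shown in Windows Task Manager
    md5: str        # MD5 digest configured for the process
    required: bool  # True: required process, False: prohibited process

def md5_hex(image: bytes) -> str:
    return hashlib.md5(image).hexdigest()

def passes(rule: Rule, running: list) -> bool:
    """running holds (process name, MD5 of its image) pairs seen on the terminal."""
    name, digest = rule.name.lower(), rule.md5.lower()
    name_hit = any(n.lower() == name for n, _ in running)
    md5_hit = any(d.lower() == digest for _, d in running)
    both_hit = any(n.lower() == name and d.lower() == digest for n, d in running)
    if rule.required:
        return both_hit                 # name AND digest must match
    return not (name_hit or md5_hit)    # either match fails the check

# Constructed stand-ins for executable images (not real software).
AGENT = b"constructed image: approved agent build"
OTHER = b"constructed image: different build"
P2P = b"constructed image: file-sharing tool"

RULES = [Rule("agent.exe", md5_hex(AGENT), required=True),
         Rule("p2ptool.exe", md5_hex(P2P), required=False)]

SCENARIOS = {
    "compliant": [("agent.exe", md5_hex(AGENT))],
    "required name, wrong digest": [("agent.exe", md5_hex(OTHER))],
    "prohibited image under another name": [("agent.exe", md5_hex(AGENT)),
                                            ("notes.exe", md5_hex(P2P))],
    "prohibited name, different image": [("agent.exe", md5_hex(AGENT)),
                                         ("p2ptool.exe", md5_hex(OTHER))],
}

def evaluate(running: list) -> dict:
    """Return {rule name: True if the terminal passes that rule}."""
    return {r.name: passes(r, running) for r in RULES}

if __name__ == "__main__":
    for label, running in SCENARIOS.items():
        print(f"{label:38} {evaluate(running)}")
```

The last two scenarios show why the prohibited rule tests the name and the digest independently: a match on either one fails the terminal.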