Altiris® Application Control Solution™ 6.1 Release Notes

Article:DOC1579  |  Created: 2008-06-06  |  Updated: 2008-06-06  |  Article URL http://www.symantec.com/docs/DOC1579
Article Type
Documentation



Description



Question
What do I need to know about the 6.1 release of Altiris Application Control Solution?

Answer

AltirisApplication Control Solution ™ 6.1

Release Notes

Introduction

Features in this Release

Known Issues in this Release

Introduction

Application-level security attack, such as file system corruption, registry corruption, spyware, and keylogging, pose a serious threat to mission critical business operations. Altiris® Application Control Solution™ software helps you manage this risk by allowing you control of software applications in your Altiris environment. The 6.1 release of the solution includes a range of new filters, policy refinements, and whitelisting.

Features in this Release

The following are features of this release:

Support for Whitelisting

This release of Application Control solution introduces the ability to create policies that automatically gather information on software packages from folders, directories, and systems to compile whitelists of applications that are permitted in your environment. The new editable Application Control Policies can be configured to automatically keep up to date with any changes or additions to software packages.

Changes to the Default File Inventory Policy

The field "File Specification(s)" (which lets you specify which files are reported to the Notification Server) has been added to the Default File Inventory Policy as well as an advanced option “Per file delay”. “Per file delay”specifies a sleep time in milliseconds between the processing of individual files.

You can now also schedule file inventory as a task management task.

File Specification filters

File specification filters let you specify which files are reported to the Notification Server. For example, Executables in Windows Directories. A number of file specification filters are provided in this release by default.

New Executable Header filters

These new filters check the characteristics of executable headers. For example, "32-bit Executables". In this release a range of default filters are made available. Executable type filters cannot be created or modified directly.

New Security Catalog filters

A security catalog filter check if a specified file exists in a signed security catalog (.cat).

New File Parameter Collection filter

A file parameter collection filter specifies the hashes of files contained within a file collection (Resource Parameter Collection). Templates include:

  • Package executable contents
  • MSI executable contents
  • Reference System File Scan Results
  • Security Catalog Contents
New Command Line Filter

A commandline filter examines the commandline (excluding the primary executable) and applies a pattern match (Exact, Partial or Regular Expression).

New Secondary File Filter

A Secondary File filter addresses the situation where the intended action is not the primary executable (such as RunDll.exe), but rather a file specified within the commandline. It examines the commandline of an application to see whether there appears to be a secondary file. If so the secondary file filter applies the specified filters to the secondary file.

Time of Day Filter

These filters allow an application filter to be applied based on the specific time an application is launched. The time details can be set individually for each day of week, or applied to the same period on all days.

User Group Filter

These filters allow the application of application filters based on either the built-in account or Domain User Group status (if Altiris Local Security Solution is installed) of the user executing applications.

New Resource Parameter Collection

A Resource Parameter Collection is a new collection type that allows parameters to be configured by a user, without the need for any custom SQL programming. Templates include:

  • Package executable contents
  • MSI executable contents
  • Reference System File Scan Results
  • Security Catalog Contents
New File Scanning Policy

A file scanning policy scans a computer's contents according the settings in the File Specification(s) field (Example: Program Files), and reports on files that match items specified in the Reporting Filter(s) field (Example: Downloaded Program Files).

New Application Initiation Policy

An Application Initiation policy allows for the processing of security context actions before an application has been launched. This allows for the bypass of Windows Vista UAC prompts. An Application Initiation policy is similar to an Application Control policy but it only allows for the selection of Process Rights actions.

New Active X Installer application action

The ActiveX installer action allows an application (Example: Internet Explorer) to automatically install ActiveX components at an elevated privilege level.
ActiveX Components are reported by the File Inventory “Com Component Inventory” policy, which reports on downloaded ActiveX components

New Application Metering application action

The Application Metering action meters the usage of applications.  It reports the usage according to application control agent “Send Events” configuration option. There are no configurable options for this action.

New Package Resource Discoverer policy

This policy searches package contents for packages that have been modified since last being inventoried.

File Discovery Policy has been superseded

This policy has been removed, with its functionality moved into the Default Resource Agent Discovery Agent Policy (found in the folder Configuration > Solutions Settings > Security Management > Maintenance > Resource Discovery > Resource Discovery Agent Configuration), and Resource Discovery Update (found in the folder Configuration > Solutions Settings > Security Management > Maintenance > Resource Discovery).

Known Issues

File Inventory Agent - Authenticode hashes may not be reported on X64 systems

The Windows API CryptCATAdminCalcHashFromFileHandle is non-operational on Windows On Windows (WOW), on X64 systems.  This may cause Authenticode hashes to not be reported to the server during File Inventory discovery. 

Further details:

Authenticode hashes will be reported if an executable is first discovered by Application Control as this is a native X64 application. Because the Altiris agent and all plugins are X86 executables, they operate under the WOW subsystem, and as such are unable to calculate Authenticode hashes via the Windows API.



Legacy ID



41058


Article URL http://www.symantec.com/docs/DOC1579


Terms of use for this information are found in Legal Notices