Client Management Suite

  • 1.  App Metering "Whitelist" in 7.1

    Posted Nov 14, 2011 12:54 AM

    Hi All,

    I know I could do this with App Metering in NS6. But I'm wondering if the same functionality is available with CMS7.1, as I can't seem to find it within the App Metering \ Software management config. I can work out how to "Blacklist" an app, but not a method of "Whitelisting".

    Basically, we are looking to track the execution of "unauthorised" apps within our environment. We will have a (rather large) "Whitelist" of allowed applications that won't be monitored by app metering.

    We then want any other apps that fall outside of this whitelist, that might be executed, to be monitored and logged within the DB. We need to ensure that even a single execution is logged, regardless of how long the software is installed for.

    For example, let's say someone executes a torrent application, downloads what they want, then deletes the torrent executable before our app inventory has run.

    Is this something that CMS 7.1 is able to track?

    Thanks in advance

    Adam



  • 2.  RE: App Metering "Whitelist" in 7.1

    Posted Nov 14, 2011 09:24 AM

    I understand your theory as you have described it, but essentially it will not work. Your "whitelist" would have to include every .EXE for every version of the OS as well as every .EXE for every version of your standard apps. I would think this alone would make your "whitelist" reach almost 1000 .EXEs, if not double or triple that number. In your approach, if you miss just 1 single OS whitelist app you could overwhelm your NS with application start/stop events, because every computer in your environment would be executing this file all the time.

    My suggestion would be to use the "blacklist" stand-alone metering rules and add only those executables to the list you want to monitor. I in fact use multiple monitors and break up the list into segments for things like IM clients, P2P apps, desktop search apps etc. It's a much more manageable approach. You do need to know what applications may be used, but there are plenty of sites out there with published lists of the top 50 or 100 apps in each of these categories, so adding them to a blacklist is less time consuming than creating your whitelist.



  • 3.  RE: App Metering "Whitelist" in 7.1

    Posted Nov 14, 2011 06:23 PM

    Thanks for your reply.

    As I mentioned, the whitelist is a rather large list, so it does cover all executables included with the OS. Even so, with a "phased" implementation, this could start with a very small number of computers (even as little as 1 or 2 standard PCs), capturing and "Whitelisting" each executable over a small period of time. Once this whitelist is finalised, then it can be expanded to a larger user base, with minimal load on the NS as the whitelist is already built.

    It is true that this would be quite a monumental task, but I wouldn't say that it is not doable (except that it seems functionally not possible in 7.1).

    Unfortunately the nature of the requirement cannot leave anything to chance. So simply monitoring a predefined "blacklist" of, let's say, the most "common" torrent clients will not meet the requirement, as there is still that small possibility that a not so common client is used.