Endpoint Protection

  • 1.  Creating Custom reports for Application Whitelisting

    Posted Jul 30, 2013 10:05 PM

    Good Morning\Afternoon Community,

    I have finally managed to implement application whitelisting and am now looking at reducing the administrative overhead of managing this aspect of the endpoint. One way I would like to do this is by using a custom report from the management console and having that emailed to our ops team every morning. This in itself is not difficult; the issue I have is that I would like to see the computer name where the block occurred, not just the filename. I do not want to create 300+ individual reports for each machine in our environment, nor do I want to log on to each server in my environment if an exception is shown in the report.

    Any thoughts on how I can do this will be greatly appreciated, as I am happy to deal with 5-10 reports a day for groups of machines.

    Regards,

    Matt



  • 2.  RE: Creating Custom reports for Application Whitelisting

    Posted Jul 31, 2013 08:13 AM

    When you say "application whitelisting" are you talking about system lockdown?



  • 3.  RE: Creating Custom reports for Application Whitelisting

    Posted Jul 31, 2013 06:06 PM

    Yes, system lockdown. I have managed to get access to the local sem5 database, and I will be looking to generate a custom query that will give me a listing of any blocked application and the name of the machine that blocked the application.



  • 4.  RE: Creating Custom reports for Application Whitelisting

    Posted Jul 31, 2013 09:38 PM

    When you create the custom alert:

    Notification Conditions >> Add >> Client Security Alert and tick the box for Application Control Events, the PC name is not showing?

    I can't quickly test right now but I would've thought it would show up in this custom alert.