Recently, we have seen a lot of inquiries from organizations about controlling portable applications. Portable applications have been around for many years, but are becoming more prevalent and represent a new level of risk to customers that want to maintain the integrity of their operating environment. The good news is that there are methods to contain these applications – let’s take a look.

Portable applications are simply applications that are a self-contained executable that can be run from a USB drive, a network drive or a cloud drive (see Wikipedia: Portable Applications for more details). In the past, most Windows applications would install the main executable as well as a number of DLLs and resource files. In addition to file changes, most applications would use the registry to store settings. Portable applications have grown with the increased prevalence of USB drives and the desire to be...

Arellia Endpoint Security Remediation Suite 7.1 Service Pack 1 is now released with key enhancements and bug fixes for all components: Application Control Solution, Local Security Solution, and Security Analysis Solution.

Application Control Solution

• Policy Wizard: wizard makes it easy to create policies to elevate or remove privileges and blacklist applications.
• Policy Priority Management: view all policies and their priority and change them in a single view.
• New Application Filters: network location filter enables policies based on endpoint location and file ownership filter enables policies based on trusted users.

Local Security Solution

• Policy Wizard: quickly create a randomization policy targeting administrators.
• Enhanced Console: improved performance, drag and drop, while still in a web console.

Security Analysis Solution

• CyberScope Reporting: generate: CyberScope reports with...

Over the years since Arellia released Local Security Solution, we have heard a number of interesting stories about the administrator password. The genesis of this product came directly from customer feedback after an interesting audit experience. In summary, the IT security auditor used a password cracking tool to find the local administrator password on one computer. This could have been any unlocked computer in any cubicle and there are myriad of free password crackers you can download from the internet: Cain and Able, John the Ripper, RainbowCrack, OphCrack. Most of these tools use a brute force or dictionary method to determine the passwords for the accounts on the system. Depending on the number of local accounts and complexity of the password, these tools can provide a list of passwords in minutes to hours. If the auditor picked the right computer, this could be done without anyone...

Using CMS 7.x to install software updates on the Mac works quite well.  Before installing updates there is a built-in mechanism with Task Server to notify the end user.  Once updates have installed, the Mac will automatically restart as the system is left in an unstable state.  I have been asked by users how they can insert one last dialog box to warn users that a restart is about to occur and possibly allow them to defer it just long enough to save work, etc.  Using Applescript, here is a sample script that can be incorporated into the patch workflow.  I would recommend you copy and paste the script into AppleScript Editor to make sure it compiles and runs.  Sometimes copy and paste will introduce errors.  Then, create a new Run Script task and select Applescript.  Then, copy and post the working code and Save.  Then, insert the script as part of the patching process, and viola!  you have your very own patch reboot deferral!