Critical System Protection


Restrict users access to a shared folder but allow a custom app

  • 1.  Restrict users access to a shared folder but allow a custom app

    Posted Apr 10, 2012 03:09 AM

    Hello,

    I have this customer scenario and would like to know if SCSP can solve it:

    We have a requirement for a legacy application in our bank. This application uses a remote share to access and write its data. Hence, users of this application are automatically given read/write share access and can cause damage to the files in this share. We need a solution that can block user access to the shares, but allow the application to perform read/write operations on it.

  • 2.  RE: Restrict users access to a shared folder but allow a custom app

    Posted Apr 11, 2012 04:04 PM

    For the base policy, use the sym_win_application_control_template.  

    1. Add a custom program.
    2. Under your custom program, go to Settings > Resource Lists > Writable Resource Lists > Allow modifications to these files > List of files that can be modified
    3. Hit Add
    4. Use a wildcarded path to the resource (i.e. c:\MyApplication\data\*)
    5. Enter the path to the program that will be touching/changing these files (i.e. c:\MyApplication\ApplicationExecutable.exe)
    6. Enter a rule name (i.e. "AllowMyApplicationToChangeFiles")
    7. Test before placing in production to make sure that you have the correct executable and file path

    This should block anyone from modifying the files, but allow your application to change the files.

    ****Please note that this will only work if this is a hosted application that resides on the server that SCSP is installed on.  If the application resides on another endpoint, then we cannot tell who (i.e. what application) is hitting the files.