Sophos Central - Application Control Frequently Asked Questions (FAQ)

  • Article ID: 122388
  • Updated: 20 Apr 2020
  • 10 people found this helpful

Overview

Application control enables administrators to block certain legitimate applications from running on work computers.

Typically, you would use Application control to prevent users from running applications that are not a security threat, but that you decide are unsuitable for use in your workplace environment, e.g., games or instant messaging programs.

In accordance with your company policy on Application control, you can authorize required applications, and block those which are not required, all from the Central Admin console.

This article answers some common questions about Application control.

The following sections are covered:

Applies to the following Sophos products and versions
Sophos Central Admin

How to block an application

All blocking and authorizing of programs is done in the Central Admin console.

We recommend that you detect the applications being used on your network and then decide which to block, as follows.

  1. Create or open a User or Server Policy.
  2. In the Policy Details list, click on Application control
  3. In the Controlled Applications list, click Add/Edit List.

    This opens a dialog where you can see the categories of applications that you can control. Sophos supplies and updates the list.

  4. Click an application category, for example Browser plug-in.

    A full list of the applications in that category is displayed in the right-hand table.

  5. We recommend that you select the option Select all applications. You'll refine your selection later.

    Note: If you want to control an application that isn't in the list supplied by Sophos, you may request SophosLabs add the application here.

  6. Click Save to List and repeat for each category you want to control.
  7. In Detection Options:
    • Enable Detect controlled applications during scheduled and on-demand scans.
    • Do not select any other options.

      Note: Application control uses the scheduled scans and the scanning options (which file types are scanned) that you set under Threat Protection.

  8. Click Save to save the policy.

  9. Allow time for all your computers to run a scheduled scan.
  10. Go to Logs & Reports > Events.
  11. In the list of event types, clear all the check boxes except Application Control.

    Detected applications are now shown in the list of events. Make a note of any you want to continue using.

  12. Return to your User or server Policy configuration.
  13. In the Controlled Applications list:
    • Find the applications you want to use and clear the checkbox next to them.
    • Select New applications added to this category by Sophos (optional). Any new applications that Sophos adds to this category later will automatically be added to your controlled list. Newer versions of applications already in your list will also be added.

      Note: Only select this if you're sure you want to control applications in this category from now on.

    • Click Save to List.

  14. In Specify detection options:
    • Select Detect controlled applications when users access them (You will be notified).
    • Select Block the detected applications.
    • Click Save to save the policy.

How to unblock a previously blocked application

  1. Edit the appropriate User or Server policy.
  2. Click on Application Control.
  3. Click Add/Edit List.
  4. Highlight the appropriate category, deselect the Application and then click Save to List.
  5. Click Save to save the policy.

Tips for implementing application control policy

  • When you enable scheduled scanning for application, ensure you have a scheduled scan set up in your user policy.

  • The Application Control policy can be configured so that the on-access scanner only reports to the console applications that have been opened and that you consider blocking. Hence, selecting the 'Allow detected applications' option will help you build up a picture of what effect a fully enabled application control policy will have on your users.

  • Before deploying a new Application Control policy, explain to your users which applications will be controlled. This may help to reduce the initial impact on your company's IT support resources, when users find some applications are no longer available.

  • Different groups of users will need different policies. For example, a staff who use the telephone a lot, may need an instant messaging program, while other staffs will not. Take this into account when planning your policies.

  • Deploy the application control policy across your network group by group.

How to check which applications are blocked or not

The only place where you can customize or change which applications are blocked or allowed is from the Sophos Central admin console. Locally on the computer, you can only switch the feature off or on but you must be a Sophos Administrator to do this. You cannot customize the policy nor allow an application locally.

If you need to check which applications are allowed or blocked for a particular computer you should move to the Sophos Central Admin console and review the specific application control policy applied.

Related information

Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.

Article appears in the following topics

Did this article provide the information you were looking for?

Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.

Sophos Footer