Export a list of the blocked applications from application control

Hi guys,

I'm using the Application Control policy in our SEC (version 550).

Does somebody know how to create a (simple) list/view from the applications that I have blocked in the policy?

Greetings,

Jeffrey



This thread was automatically locked due to age.
  • Hi,

    I can give you some information that might help.  It could be rolled up into a script I suppose to dump something slightly more meaningful.

    This file should have the latest data regarding application control and feeds the UI indirectly:

    C:\ProgramData\Sophos\Sophos Endpoint Management\[ver]\Updates\Secure\SDFs\SophosMA\sec\MSDC\vvf.xml

    For example CRMTool cat has an ID of 47:

    <vtyp:subtype sid="CRMTool" id="47" typeid="5">

    You can use the ExportConfig.exe tool to export the Sophos Application Control (SAC) policy to XML, e.g.

    "C:\Program Files (x86)\Sophos\Enterprise Console\ExportConfig.exe" -type SAC -policy test

     

    So if you have blocked certain items in a group, then you will see the applications individually.  E.g. 7-Zip above.  If you have blocked the whole group then you just get the group ID.

    Hopefully this is something of use although not a straight answer as such.

    Regards,
    Jak
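
The "roll it up into a script" idea from the reply above, as an added PowerShell example that is not part of the original posts: it builds an id-to-name table from the `subtype` elements of vvf.xml so that IDs seen in the ExportConfig.exe output can be read as names. Only the CRMTool line comes from the thread; the wrapper element, namespace URI, other entries and function names are assumptions.

```powershell
# Constructed sample standing in for vvf.xml. Only the CRMTool line is from the
# thread; the root element, namespace URI and other entries are placeholders.
$sampleVvf = @'
<vtyp:types xmlns:vtyp="urn:example:placeholder">
  <vtyp:subtype sid="CRMTool" id="47" typeid="5"></vtyp:subtype>
  <vtyp:subtype sid="ExampleCategoryA" id="9001" typeid="5"></vtyp:subtype>
  <vtyp:subtype sid="ExampleCategoryB" id="9002" typeid="6"></vtyp:subtype>
</vtyp:types>
'@

function Get-SubtypeTable {
    # Hypothetical helper: returns one row per <vtyp:subtype> element.
    param([Parameter(Mandatory)] [xml] $Vvf)

    # local-name() matches the element without knowing the real namespace URI.
    $nodes = $Vvf.SelectNodes("//*[local-name()='subtype'][@id and @sid]")
    foreach ($n in $nodes) {
        [pscustomobject]@{
            Id     = [int]$n.GetAttribute('id')
            Sid    = $n.GetAttribute('sid')
            TypeId = [int]$n.GetAttribute('typeid')
        }
    }
}

function Resolve-SubtypeId {
    # Hypothetical helper: maps IDs read from the exported SAC policy to names.
    param(
        [Parameter(Mandatory)] [object[]] $Table,
        [Parameter(Mandatory)] [int[]] $Id
    )
    $byId = @{}
    foreach ($row in $Table) { $byId[$row.Id] = $row.Sid }
    foreach ($i in $Id) {
        [pscustomobject]@{
            Id  = $i
            # IDs missing from the table are flagged rather than silently dropped.
            Sid = if ($byId.ContainsKey($i)) { $byId[$i] } else { '<not in vvf.xml>' }
        }
    }
}

# Against the real file, load it with: [xml](Get-Content -Raw -LiteralPath <path to vvf.xml>)
$table = Get-SubtypeTable -Vvf ([xml]$sampleVvf)
Resolve-SubtypeId -Table $table -Id 47, 12345 | Format-Table -AutoSize
```

Use `-LiteralPath` for the real file once `[ver]` is replaced with the installed version folder, since square brackets are treated as wildcards by `-Path`.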

  • Hi Jak,

     

    Just another question about application control. I have authorized a group "System Tools" (group id 54).

    Is there a way to show all Authorized groups with the allowed applications?

    I know when you have blocked the whole group you just get the group ID, but when you have authorized the whole group you don't see the Allowed groups (ID) in the SAC policy XML file.

     

    Regards,

    Jeffrey