Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 0 subscribers
  • Views 11865 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application Control - General Query

isoffice

Hi All,

I have created a policy within Enterprise Console (5.2.1 R2) to detect (but allow to run) all applications that users on our network may be using. I am slightly concerned that this may result in the creation of large log files on the Enterprise Console Server.

Does anyone know where these events are logged and is it likely to impact on the performance of the Enterprise Console Server and/or the client PC? We have approximately 600 client PCs.

Any pointers on how long I should let this policy run or best practice in this area would be much appreciated.

Many thanks,

JP

:50022


This thread was automatically locked due to age.
Parents
  • 0

    Hi Christian,

    Thank you for your prompt reply. It has given me a much better idea on how to shape any Application Control policy we may wish to deploy to our client PCs in the future. I'm currently in a testing phase and I'm feeling out the capabilities of the various policies which can be imposed on our network PCs.

    One other thing though. As I'm detecting the applications, but still letting them run, I can see entries in the endpoint PC's Quarantine area in the SAV GUI. If I return everything back to it's previous state, i.e. Application Control disabled, will these entries be flushed from Quarantine?

    Many thanks for your time and assistance,

    JP

    :50032

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

Reply
  • 0

    Hi Christian,

    Thank you for your prompt reply. It has given me a much better idea on how to shape any Application Control policy we may wish to deploy to our client PCs in the future. I'm currently in a testing phase and I'm feeling out the capabilities of the various policies which can be imposed on our network PCs.

    One other thing though. As I'm detecting the applications, but still letting them run, I can see entries in the endpoint PC's Quarantine area in the SAV GUI. If I return everything back to it's previous state, i.e. Application Control disabled, will these entries be flushed from Quarantine?

    Many thanks for your time and assistance,

    JP

    :50032

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

Children
No Data
Unfiltered HTML