App Control Policies Overview

Updated on

This section provides optional background related to the VMware Carbon Black App Control solution. If you have experience or background knowledge on the App Control solution this section may be skipped.

1. What are Policies?

Enforcement level and approvals can be assigned to computer groups, called Policies. A policy consists of groups of settings and an enforcement level (see previous Enforcement Level section for more information). Each computer running an App Control Agent is assigned to a policy. Policies can be created based on security and organizational requirements. For example, policies may be assigned based on functional role (e.g., marketing, IT); location; or type of computer (e.g., laptop, server).

There are three main policy settings:

  • Basic Policy Definitions: policy name, basic security level (mode/enforcement level), etc.
  • Device Settings: control the way policy treats removable devices (device control)
  • Advanced Settings: control whether computers in a policy have certain file types blocked

2. Emergency Lockdown

Emergency Lockdowns

The App Control console home page includes an Emergency Lockdown button. When pressed all agent-managed endpoints' Enforcement Levels will be changed to High Enforcement. Once emergency lockdown has been enabled, administrators can click on the same button to restore computers to their former enforcement level.

Emergency lockdown shifts the entire environment into a highly secure state - where any unapproved files will be prevented from executing. This functionality may be used, for example, if a threat is seen and some endpoints are in low or medium enforcement. Once the threat has been resolved prior enforcement states can be restored.