Data Security Endpoint Applications

2y ago
18 Views
2 Downloads
207.18 KB
12 Pages
Last View : 21d ago
Last Download : 2m ago
Upload by : Eli Jorgenson
Transcription

Data Security EndpointApplicationsEndpoint Applications Data Security Solutions Version 7.7.xYou can monitor any number of applications on the endpoint. Websense has analyzedthe metadata for dozens of applications and can monitor these with great accuracy.(They are listed in this article.) You can add other applications to the list. If you wantto analyze the applications based on their metadata, you can use a utility thatWebsense provides. Built-in support, page 1 Importing other applications, page 8Built-in supportEndpoint Applications Data Security Solutions Version 7.7.xFollowing are the applications that you can choose to monitor on the endpoint whenyou set up your endpoint policy. This includes software applications, Webapplications, and SaaS (software as a service) applications.Also noted is whether the application is supported on Windows endpoint, Macendpoint, or both, and the type of operations that can be analyzed by Data Security.Mac Endpoint was introduced in v7.7.2. Please note that only File Access can beanalyzed on Mac utPasteFile AccessCopy/CutPasteInternetExplorerOpera InternetBrowser*Safari WebBrowser**Data Security - Endpoint Applications 1

Data Security Endpoint ApplicationsGroupApplicationCD BurnersAcousticaMP3 ionsCopy/CutPasteFile AccessFile AccessCopy/CutPasteFile AccessPasteAlcohol 120%AlcoholLauncherCD MateDisk Utility*Nero BurningROMRoxio CreatorClassicEmailiTunes*Apple Mail*EudoraEudora LightEudora ProLotus NotesMicrosoftOutlook 2003,2007, 2010*MicrosoftOutlookMobileManager 2003,2007, 2010*MozillaThunderbirdOutlookExpressPegasus Mailfor WindowsPegasus MailWSENDTOUtilityWindows Mail2 Websense Data Security

Data Security Endpoint ApplicationsGroupApplicationEncryptionSoftwareDK2 NetworkServer RemoteMonito - tionsCopy/CutPasteFile AccessFile AccessCopy/CutPasteFile AccessFile AccessFileEncryption XPWindowsPrivacy Tray(WinPT)FTPCore FTP AppCuteFTP FileTransferApplicationDropbox*FileZilla FTPClient*FlashFXPFTPVoyager LeechFTPServ-U FileServer EXEServ-U FileServer TrayApplicationServ-U FTPServer SetupUtilitySmartFTPClientWS FTP ProApplication WS FTPProfessionalData Security - Endpoint Applications 3

Data Security Endpoint ApplicationsGroupApplicationIMAdiumWindowsMac*AOL InstantMessengerGoogle TalkiChat*ICQ c 2007MicrosoftLync 2010MXit PC v1.2OfficeCommunicator2005QQ*Skype*Windows rModule Yahoo!Messenger4 Websense Data utPasteFile AccessFile AccessPaste

Data Security Endpoint e Reader8.1WindowsMacMicrosoftAccess 2003,2007, 2010MicrosoftExcel 2003,2007, steFile AccessCopy/Cut*MicrosoftInfoPath 2007,2010MicrosoftOneNote2003, 2007,2010MicrosoftPowerPoint2003, 2007,2010*MicrosoftProject 2003,2007, 2010MicrosoftPublisher2003, 2007,2010MicrosoftVisio 2003MicrosoftVisio 2007,2010MicrosoftWord 2003,2007, 2010*NotepadOpenOffice.org Suite*Stickies*TextEdit*WordPadData Security - Endpoint Applications 5

Data Security Endpoint edOperationsDefaultOperationsCopy/CutPasteFile AccessDownloadCopy/CutDownloadCopy/CutPasteFile AccessFile AccessPasteINGENIXinteGreatSequelP2PAres p2p oBittorrenteMule - eMuleFrostWireKazaadownload/databaseviewer a - KDatKazaaQuickLinksHandler/Generat - KSigklrun: protocol- Kazaa 6 Websense Data Security

Data Security Endpoint ApplicationsGroupApplicationPackagingSoftware7-Zip DefaultOperationsCopy/CutPasteFile AccessFile AccessCopy/CutPasteFile AccessFile AccessCopy/CutPasteFile PortableDevicesBluetoothStack COMServer BTStackServerFsquirtiTunes*Wireless LinkFile TransferApp - IrftpSaaS Oracle CRMon demandoutlook.comRightNowSales-ForceWorkDayData Security - Endpoint Applications 7

Data Security Endpoint ile AccessNoneMSTSCNT BackupToolVista BackupToolVMWare*Starting in v7.7.2. Note: Mac Endpoint only analyzes the File Access operation**Starting in v7.7.3 Note: Mac Endpoint only analyzes the File Access operationYou can also configure Data Security to block and/or audit screen captures when aspecific endpoint application is running. Navigate to the Resources EndpointApplications page and click on the application name to enable this feature. Thisfeature is only supported on Windows operating systems.Importing other applicationsEndpoint Applications Data Security Solutions Version 7.7.xIf you want to monitor an endpoint application other than the ones supplied byWebsense, follow the instructions below. The instructions vary depending on theoperating system, as well as the type of application.Windows Desktop ApplicationsThe following applies to Windows applications prior to Windows 8, as well asWindows 8 desktop applications. For instructions on how to monitor Windows Storeapplications, see the section below, Windows 8 Store apps.There are 2 ways to import applications onto the Data Security server for Windowsdesktop applications:1. Selecting Main Resources Applications New Application/ OnlineApplication. See Endpoint Applications.When you add applications using this screen, they are identified by theirexecutable name. Occasionally, users try to get around being monitored bychanging the executable name. For example, if you’re monitoring “winword.exe”on users’ endpoint devices, they may change the executable name to “winword.exe” to avoid being monitored.8 Websense Data Security

Data Security Endpoint Applications2. Using an external utility program, DSSRegApps.exe. This method records theapplication’s metadata, so that Websense Data Security can analyze the metadata.In other words, if the name of the application is modified by an end users, WebsenseData Endpoint can still identify the application and apply policies.NoteThis tool can be copied to any other machine and beexecuted on it as long as it has connectivity to the DataSecurity Management Server.To use the external tool to import applications in the Data Security server:1. Go to [%DSS Home%] directory (Default: C:\Program Files\Websense\DataSecurity Suite) and double-click DSSRegApps.exe. The Get File Propertiesscreen is displayed.2. Complete the following fields:FieldDescriptionIP Address/HostnameInsert the IP Address or Hostname of the Data Security Server.User NameProvide the user name used to access the Data Security Server.This is the user name assigned to administrators that have relevantpermissions.PasswordEnter the Password used to access the Data Security Server. Thisis the password assigned to administrators with relevantpermissionsFile NameInsert the File Name of the application, e.g. Excel.exe OR clickthe Browse. button and in the Open dialog box, navigate to theFile Name of the application and double-click it.Display NameEnter the name of the application as you want it displayed in theData Security Management Server.3. Click OK.A message will appear indicating that the application was successfully registered withthe Data Security Server. The Get File Properties screen will be re-displayed with theData Security Server fields completed, but the File Name and Display Name empty.This allows you to select additional applications to register with the Data SecurityServer. Continue this process until all applications are registered. When you arefinished adding applications, click the Cancel button in the Get File Properties screen.Windows 8 Store appsStarting in Data endpoint v7.7.3.1629, you can import Windows 8 Store apps into yourEndpoint Applications list. The following instructions do not apply to Windows 8desktop applications. For instructions on how to monitor Windows desktopData Security - Endpoint Applications 9

Data Security Endpoint Applicationsapplications, see the section above, Windows Desktop Applications.Note: In order to monitor file access on Windows 8 Store apps, you must first addRuntimeBroker.exe as an endpoint application, and monitor file access on thisapplication. However, the endpoint monitors all Windows Store apps accessing filesthrough the runtime broker and not just the designated app. RuntimeBroker.exe is aWindows desktop application, so follow the instructions in Windows DesktopApplications to add this as an endpoint application.To import Windows 8 Store apps, select Main Resources Applications NewApplication. See Endpoint Applications.Windows 8 Store applications are identified by their application name. You should usethis name in the “executable name” field on this screen. Wildcards are supported.To identify the application name:1. Open PowerShell (run as administrator if you want to collect Windows 8Store apps for all users, or run as the current user if you want to collect appsfor the current user).2. Run the command "Get-AppXpackage -Allusers" to list apps for all users(requires you to run PowerShell as administrator).orRun the command "Get-AppXpackage" to list apps for the current user.3. Find the application name located in either the Name field orPackageFullName field.a. When entering the value from the Name field into Data Security, youmust add the wildcard “*” after the application name (e.g.microsoft.microsoftskydrive*). This method allows for greater flexibilitywhen the app version changes.b. When entering the value from the PackageFullName field into DataSecurity, no wildcard is necessary, but you will need to update the value ifthe app version changes.Mac ApplicationsTo import Mac applications, select Main Resources Applications NewApplication. See Endpoint Applications.To find the value to enter for Mac applications:1. Locate the application you want to monitor.2. Right click on the application and click Show Package Contents.3. Open the file info.plist in the Contents folder.4. Look for the key(s) CFBundleName and enter the value of the string(s)under it (e.g. for “ string Example /string ” enter “Example”).5. If there is no key by that name, or no info.plist file, use the process(es)name(s).10 Websense Data Security

Data Security Endpoint ApplicationsIf there are multiple CFBundleName keys and/or multiple string entries below thekey(s), each string value must be added separately.Very rarely, apps will launch other processes along with the main application. Theseprocesses should be added as endpoint applications as well. In order to know whatprocesses belong to an app you need to see what processes are created when openingan application, for example by using Activity Monitor.Data Security - Endpoint Applications 11

Data Security Endpoint Applications12 Websense Data Security

Office Applications Adobe Reader 8.1 Copy/Cut Paste File Access Copy/Cut Microsoft Access 2003, 2007, 2010 Microsoft Excel 2003, 2007, 2010 * Microsoft InfoPath 2007, 2010 Microsoft OneNote . on demand outlook.com RightNow Sales-Force WorkDay Group Application Windows Mac Supported

Related Documents:

ESET Endpoint Protection Standard v6.5.522.0 FireEye Endpoint Security v4 Fortinet FortiClient v5.6.2 G DATA EndPoint Protection Business v14.1.0.67 Kaspersky Lab Kaspersky Endpoint Security v10 Malwarebytes Endpoint Protection v1.1.1.0 McAfee Endpoint Security v10.5 Palo Alto Networks Traps v4.1 Panda Security Panda Adaptive Defense 360 v2.4.1

Symantec Endpoint Protection . Endpoint Protection Manager: v11.600.550 Symantec Endpoint Protection: v11.6000.550 . Sophos Endpoint Security and Data Protection . Enterprise Console: v4.0.0.2362 Endpoint Security and Control: v9.05 . Trend Micro Worry-Free Business Security: Standard Edition . Worry-Free Business Security: v6.0 SP2 build 3025

Vendor Product Version Endpoint Security 10.x Endpoint Security for Mac 10.x VirusScan 8.x VirusScan for Mac 9.x McAfee McAfee Security for Mi crosoft Exchange 8.5 Microsoft Windows Defender All known versions Symantec Endpoint Protection 12.1, 14 Endpoint Protection for Macintosh 12, 14 Sophos Endpoint Security 9.x, 10.x

only endpoint security solution to concurrently prioritize, predict, and prescribe actions. Trellix Endpoint Security (ENS) Purpose-built security for proactive threat management and proven security controls Endpoint security that aligns with your priorities The endpoint solution you depend on should align with the priorities that matter most .

McAfee Dynamic Endpoint Threat Defense Next-generation endpoint security is a security category highlighting signature-less defenses and dominated by startup vendors and point tools. As this market matures however, traditional endpoint security vendors are catching up, offering the first true next-generation endpoint security solutions.

Installing and Deploying Data Endpoint 1 Installing and Deploying Data Endpoint Clients Websense Data Endpoint is a solution for securing client workstations, laptops, and other endpoint machines from data loss when the machines are outside the corporate network and for identifying sensitive data on the clients themselves.

Sophos Sophos Endpoint Protection Endpoint Security and Control 10.7 April 2017 Bitdefender Bitdefender GravityZone Business Security 6.2.18.884 April 2017 Symantec Corp Symantec Endpoint Protection Cloud 22.9.1.12 April 2017 ESET, spol. s r.o. ESET Endpoint Security 6.5.2094.0 April 2017 Mal

Licensed by Lumension Security, Inc. Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets . endpoint security management — the foundation of an endpoint security management suite— and its component parts, and ultimately how these technologies fit into an enterprise management .