Execution Control

You can configure to control the application of certain files. The policy you set in AC is called the inventory policy. However, the custom AC policy takes precedence over the inventory policy.

1. Click Policy.
2. Select the Security Program Policy tab.
3. Click Add.
4. From the drop-down menu, select AC Policy then AC Policy.
5. Under the Execution Control tab, select Enable AC to start using the application control policy.
6. Collection mode is when AC, upon initial installation, collects information on executable files (PE for Windows and ELF for Linux) and automatically create an inventory policy. Select an operation mode to take after this collection is complete. During collection mode, the execution of the application is permitted.

Note

Product update is put on hold during the collection mode and is continued once the collection mode is complete.

• Lockdown: This is the default mode for operation after collection. All executable files are registered to the inventory policy and all application control policy is applied.
• Maintenance: This is the mode that allows a file to be automatically added to the inventory policy during a specific time frame, if it is not already added. Select this feature if you expect to have a scheduled task such as installation or update as it allows the execution of all application. However, the custom access control policy and the custom application control policy takes precedence over the Maintenance mode.
• Simulation: This is the mode that notifies you in case a file, that is not registered in the inventory policy, is executed during a specific time frame. Select this feature if you expect to have a scheduled task such as installation or update as it allows the execution of all application. However, the custom access control policy and the custom application control policy takes precedence over the Maintenance mode.

7. Under Trusting Conditions, select the conditions of a file that must be met to allow the execution.

• ASD whitelist: This condition allows the execution of a file if it is whitelisted by AhnLab Smart Defense (ASD) during the lockdown mode. Go to the Logs menu to see details. This feature can only work properly if you are connected to the ASD network.
• Valid certificates: This condition allows the execution of a file if it is has a valid certification. Logs are not provided.

• Signer whitelist: This condition allows the execution of a file if it is signed by a user permitted by the admin, without verifying the certificate. Logs are not provided. Click Add to add trusted users.
• Use file supplier: This condition allows the execution of a file if it is provided by a supplier permitted by the admin, without verifying the certificate. Logs are not provided. Click Add to add trusted suppliers.

Note

Valid certificates, signer whitelist, and file supplier only work for Windows file.

8. Under Execution Control Exception, set the file or folder to be excluded from file input/output (I/O)detection of AC function as execution control exception.
9. Click Add and select the a folder or file for execution control exception.
10. Enter the path for file or folder.
11. Click Save to create the policy.