How to roll out an application control policy

By default, all applications and application types are allowed. We recommend that you introduce application control as follows:

  1. Consider which applications you want to control.
  2. Enable on-access scanning, and select the Detect but allow to run option to detect but not block controlled applications.

    At this time, you have one application control policy for your entire network.

  3. Use the application control Event Viewer to view which applications are being used, and determine the applications or application types that you want to block. You can access the Event Viewer by clicking Events > Application Control Events.
  4. To grant access to applications differently for various computer groups, create different policies for different groups. For example, you may not want to allow VoIP for office-based desktop computers, but you may want to authorize its use for remote computers.
  5. Determine which applications or application types you want to block and move them to the Blocked list.
  6. Configure your policy to block controlled applications that are detected by clearing the Detect but allow to run option.

By taking this approach, you avoid generating large numbers of alerts and blocking applications that your users may need. For more information on setting up application control policy, see the Sophos Enterprise Console help.

Note Application Control can be configured to block CScript.exe that is used by Patch. If you use both Application Control and Patch, ensure that you do not block Microsoft WSH CScript in the Programming/Scripting tool category. By default, programming and scripting tools are allowed.