Sophos Central – Block/Allow an Application

First, log in to Sophos Central Admin, go to Endpoint Protection, under CONFIGURE click Policies.

Block an Application

At the right of the top corner, click Add Policy, Feature chooses Application Control.

Set POLICY NAME e.g: Block Remote Management Application.

Assign Users to wish to enforce the policy.

Go to the SETTINGS tab, click Add/Edit List to select the application wish to enforce by this policy.

In this tutorial, I will block the Remote Management Tool such as Team-viewer, you can add the other one into the list also. All of them on the list will be enforced by this Policy.

Under Detection Options, enable Detect controlled application when users access them (You will be notified) then check to Block the detected application, Save the policy.

Now, let’s try to open Team-viewer see what happen then, as you can see the image below the Team-viewer blocked by Application Control Rule.

Allow an Application

Add new Policy, feature chooses Application Control.

Set POLICY NAME e.g: Allow Remote Management Application.

Assign Users to wish to enforce the policy.

Go to the SETTINGS tab, click Add/Edit List to select the application wish to enforce by this policy.

Select the application you wish to bypass the block policy.

Under Detection Options, enable Detect controlled application when users access them (You will be notified) then check to Allow the detected application, Save the policy.

The useful feature I like that Policy can automatically disable the policy after a specific time, back to the created policy, go to POLICY ENFORCED tab, enable Automatically disable policy at a specific time then set an Expire time for this policy.

Save the Policy, you can see the policy expire time will end in a specific time. It means the policy will be affected in a period of that time.

Policy expired after a period of time.

Hope it helps.

 

Leave a Reply

avatar
  Subscribe  
Notify of