Hi, has anyone used LEM to create and apply an application white-list or one for processes?
I have been tasked to leverage LEM to block any unknown processes from running on all of our desktop PCs, with the direction of finding a way to make a list of approved applications that are allowed and, after the list is proven, to apply that list to kill any processes that are not approved.
I have been asked to use LEM to do this because there was some recollection of LEM being able to do this by the powers that be.
I am not asking about the Audit Policies for Process Creation and Process Termination as that is a given with this topic but can be referenced here:
Any ideas or experiences with this type of white-list in LEM that you care to share would be appreciated, including dissenting opinions.
You could use a rule like this one:
But where they have the process listed explicitly, you can create a user defined group of processes and have the rule refer to that instead of the specific process name.
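
An audit-mode pass over process-creation events, as an added example that is not part of the original posts and is not LEM rule syntax: it matches constructed sample events against a constructed approved-process group by process name and tallies what a kill rule would act on, which is the "prove the list" step before enforcing. The group contents, field names and events are assumptions made for illustration.

```python
"""Audit-mode check of process-creation events against an approved-process group."""
from collections import Counter
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Constructed stand-in for a user-defined group of approved processes.
APPROVED_PROCESSES = {"explorer.exe", "outlook.exe", "winword.exe", "chrome.exe"}

# Constructed sample process-creation events (hypothetical field names).
SAMPLE_EVENTS = [
    {"host": "PC-001", "user": "alice", "image": r"C:\Windows\explorer.exe"},
    {"host": "PC-001", "user": "alice",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"host": "PC-002", "user": "bob", "image": r"C:\Users\bob\Downloads\freetool.exe"},
    {"host": "PC-002", "user": "bob", "image": r"C:\Users\bob\Downloads\freetool.exe"},
    {"host": "PC-003", "user": "carol", "image": r"C:\Tools\putty.exe"},
]


def process_name(image_path):
    """Reduce a full image path to a lower-cased process name."""
    return basename(image_path).lower()


def unapproved(events, approved):
    """Return the events whose process name is not in the approved group."""
    approved = {name.lower() for name in approved}
    return [e for e in events if process_name(e["image"]) not in approved]


def audit_report(events, approved):
    """Tally unapproved process names, most frequent first, for review."""
    counts = Counter(process_name(e["image"]) for e in unapproved(events, approved))
    return counts.most_common()


def ready_to_enforce(events, approved):
    """True once the observed events produce no unapproved hits."""
    return not unapproved(events, approved)


if __name__ == "__main__":
    for name, hits in audit_report(SAMPLE_EVENTS, APPROVED_PROCESSES):
        print(f"{hits:3d}  {name}")
    print("ready to enforce:", ready_to_enforce(SAMPLE_EVENTS, APPROVED_PROCESSES))
```

Each name in the report is either added to the approved group after review or left out on purpose; the report is rerun until it is empty for a representative period before the kill action is switched on.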