Administration Guide

Application Control Manager

The Application Control policy enables FortiEDR to block pre-defined applications so that they do not launch. It lets you limit the use of undesired applications on specific collector groups.

Note

This differs from Applications under Communication Control, which enables you to control which applications can communicate outside of the organization, but does not stop them from launching.

This section describes how to define the applications to be blocked by adding them in the Application Control Manager. Applications can also be added to the blocklist from the Forensics window (as described in Stack view) and from the Threat Hunting window (as described in Threat Hunting). These applications are then listed in the Application Control Manager.

In general, to block applications so that they are not launched:

  • The applications must be added to the Application Control Policy.
  • Collector groups must be assigned to this policy.
  • The blocklist rule must be enabled on the Application Control Policy.

To add applications to the blocklist:
  1. Select SECURITY SETTINGS > Application Control Manager.

    The Application Control Manager window displays, showing the list of all the applications that have been defined to be blocked by the Application Control policies. A row appears for each application to be blocked.

  2. You can then perform any of the following actions:
    1. Adding application(s) to be blocked
    2. Exporting the list of applications to be blocked
    3. Enabling/disabling application blocking
    4. Changing the policy under which the application is blocked
    5. Searching and filtering applications
    6. Editing an Application by selecting the Edit button on the right side of that Application’s row.
    7. Deleting an Application by selecting the Delete Application option at the top of the window or selecting the Delete button on the right side of that Application’s row.
