Administration Guide

Application Control Manager

The Application Control policy enables FortiEDR to block pre-defined applications from running, so that they do not launch. This lets you limit the use of undesired applications on specific collector groups.

Note

This differs from Applications under Communication Control, which enables you to control which applications can communicate outside of the organization, but does not stop them from launching.

This section describes how to define the applications to be blocked by adding them in the Application Control Manager. In addition, applications can be added to the list of applications to be blocked by adding them from the Investigation View. These applications are then listed in the Application Control Manager.

In general, in order to block applications so that they are not launched:

  • The applications must be added to the Application Control Manager under the User-defined group.
  • Collector groups must be assigned to this policy.
  • The blocklist rule must be enabled on the Application Control Policy.

To add applications to the blocklist:
  1. Select SECURITY SETTINGS > Application Control Manager.

    The following window displays, showing a list of the different groups of applications that have been defined to be blocked by the Application Control policies. You cannot delete a group, and you cannot change or search any group name.

    Predefined application groups (indicated by the Fortinet logo by the group name) are always at the top of the application list and are read-only. You cannot edit any settings except the policy setting, which is Application Control by default. You can add or remove policies for a predefined group but the default policy cannot be disabled. Applications added by the user are automatically categorized under the User-defined group.

    To sort applications by application name, click the Application Name column. You can also perform an operation on all applications in a group by selecting the group and clicking Export, Set State, or Policy Assignment.

  2. You can then perform any of the following actions:
    1. Adding application(s) to be blocked
    2. Exporting the list of applications to be blocked
    3. Enabling/disabling application blocking
    4. Changing the policy under which the application is blocked
    5. Searching and filtering applications
    6. Editing an Application by selecting the Edit button on the right side of that Application’s row.
    7. Deleting an Application by selecting the Delete Application option at the top of the window or selecting the Delete button on the right side of that Application’s row.
