Network Access

The Network Access page lets you approve or deny TCP/IP-protocol-based network access on a per-application basis. Users can also be notified when an unlisted application accesses the network, and can then permit or deny that application network access. Typically this function is used to control access to internal and external internet sites, but it can also cover internal LAN traffic that uses the TCP/IP protocol.

Driver

This function requires the driver be enabled to block network access and monitor network bandwidth statistics. The driver is disabled by default. This driver inserts itself into the TCP/IP stack to measure TCP/IP-protocol-based network traffic by application.

Note: To determine which applications should be approved or denied network access, use the Network Statistics report to view network bandwidth utilization versus time. Drill down and identify peak bandwidth consumers by clicking on the graph's data points. See which application and which machine use bandwidth at any point in time.

Warning: Applications that do not use the Windows TCP/IP stack in the standard way may conflict with the driver used to collect information and block access, especially older legacy applications.

To approve or deny network access to one or more applications

  1. Check the checkbox next to one or more machine IDs in the Machine.Group ID column.
  2. Click the link of any machine ID in the Machine.Group ID column. It does not have to be the machine ID you checked. This displays the Application List popup window, listing all applications installed on that machine ID. The list is based on the latest audit that was performed for that machine ID.
  3. Since the list in the Application List window may be large, you can control the applications displayed by clicking Filter to filter the list.
  4. Check the checkboxes next to the application names you wish to approve or deny network access to.
  5. You can also enter application names in the Add applications not found by audit here edit field, to identify applications not listed.
  6. Click the Select button to confirm your selections and close the Application List window.
  7. Click Approve Apps or Deny Apps. The applications selected in the Application List window are added to the Approved Apps/Denied Apps column.

To remove approve and deny settings for one or more machine IDs

  1. Check the checkbox next to one or more machine IDs in the Machine.Group ID column.
  2. Click the Remove Apps button.

Notify user when app blocked

Click Enable to notify the user when a blocked application attempts to access the network. Use this function to build up the access list based on normal usage. This lets you see which applications on your system are accessing the network and when.

The user has four responses that they can enter for the given application:

  • Always - Allows the application access to the network indefinitely. Users will not be prompted again.
  • Yes - Allows the application access to the network for the duration of the session. Users will be prompted again.
  • No - Denies the application access to the network for the duration of the session. Users will be prompted again.
  • Never - Denies the application access to the network indefinitely. Users will not be prompted again.

Enable/Disable driver at next reboot

Enable/Disable the network access protection driver for an agent. Applications that do not use the Windows TCP/IP stack in the standard way may conflict with this driver, especially older legacy applications. The agent cannot monitor network statistics or block network access if this driver is disabled.

Apply Unlisted Action

An unlisted application is one that has not been explicitly approved or denied access to the network. Select the action to take when an unlisted application attempts to access the network.

  • Ask user to approve unlisted - A confirmation dialog box displays if an unlisted application attempts to access the network.
  • Approve all unlisted - The unlisted application is granted access to the network.
  • Deny all unlisted - The unlisted application is denied access to the network and the application is closed on the managed machine.
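
The following is an added example, not code from the product: a small Python model of how the approved/denied lists, the three unlisted actions and the four user responses described above combine into one allow/deny decision. The class and function names are hypothetical, and the model assumes that the four responses answer the Ask user to approve unlisted dialog, that Always/Never are remembered across sessions, and that application names match case-insensitively.

```python
from enum import Enum


class Unlisted(Enum):
    ASK = "Ask user to approve unlisted"
    APPROVE = "Approve all unlisted"
    DENY = "Deny all unlisted"


class MachinePolicy:
    """Model of one machine ID's network access settings (hypothetical class)."""

    def __init__(self, approved=(), denied=(), unlisted=Unlisted.ASK):
        # Persistent list: application name -> True (approved) / False (denied).
        # Assumption of this model: a name given in both lists ends up denied.
        self.listed = {a.lower(): True for a in approved}
        self.listed.update({d.lower(): False for d in denied})
        self.unlisted = unlisted
        self.session = {}  # Yes/No answers, kept only until the session ends

    def new_session(self):
        """Forget session-scoped answers; Always/Never answers survive."""
        self.session.clear()

    def decide(self, app, ask_user=None):
        """Return (allowed, reason). ask_user(app) returns Always/Yes/No/Never."""
        key = app.lower()
        if key in self.listed:                  # explicitly approved or denied
            return self.listed[key], "listed"
        if self.unlisted is Unlisted.APPROVE:   # default-allow
            return True, "approve all unlisted"
        if self.unlisted is Unlisted.DENY:      # default-deny
            return False, "deny all unlisted"
        if key in self.session:                 # already answered this session
            return self.session[key], "session answer"
        answer = ask_user(app)
        allowed = answer in ("Always", "Yes")
        if answer in ("Always", "Never"):
            self.listed[key] = allowed          # indefinite: no further prompts
        else:
            self.session[key] = allowed         # Yes/No: prompted again later
        return allowed, "user answered " + answer
```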

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine:

  • Agent has checked in
  • Agent has checked in and user is logged on. Tool tip lists the logon name.
  • Agent has not recently checked in
  • Agent has never checked in
  • Online but waiting for first audit to complete
  • The agent is online but remote control is disabled
  • The agent has been suspended

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

Notify User

A green checkmark in the Notify User column indicates that the managed machine user is notified when an application that has been denied network access attempts to access the network.

To notify the user when an application has been denied:

  1. Select machine IDs.
  2. Click the Enable button for Notify user when app is blocked.

To remove this notification:

  1. Select machine IDs that display a green checkmark in the Notify column.
  2. Click the Disable button for Notify user when app is blocked.

Enable Driver

Identifies, on a per-machine-ID basis, which machines have the network protection driver enabled.

Unlisted Action

Displays the Unlisted Action to take when an unlisted application attempts to access the network. See Apply Unlisted Action above.

Approved Apps / Denied Apps

  • Approved applications are listed in the first row.
  • Denied applications are listed in the second row.
  • If the Approve all unlisted radio option is selected and applied to a machine ID, then the approved application list is replaced by the phrase Approve All Unlisted.
  • If the Deny all unlisted radio option is selected and applied to a machine ID, then the denied application list is replaced by the phrase Deny All Unlisted.