File Access

Audit > File Access

The File Access page prevents unauthorized access to files on managed machines by rogue applications or users. Any application can be approved or denied access to the file.

Note: You may also block operating system access to the protected file by blocking access to explorer.exe and/or cmd.exe. This prevents the file from being renamed, moved, or deleted therefore completely locking down the file from tampering.

Block

To protect a file from access by rogue applications, enter the filename and click the Block button. This displays the File Access popup window.

The dialog presents the user with one of the following options:

• Filename to access control - Enter the file name and/or a portion of the full path. For example, adding a file named protectme.doc to the list, protects occurrences of protectme.doc in any directory on any drive. Adding myfolder\protectme.doc protects all occurrences of the file in any directory named myfolder.
• New - Add in a new application to the access list. You can manually enter the application or use the Search... button to select an application name.
• Remove - Removes an application from the approved access list
• Search - Select a machine ID to search the list of applications installed on that machine ID and select an application name. This list is based on the latest audit performed on that machine ID. You are not actually browsing the managed machine.
• Ask user to approve unlisted - Lets users approve/deny access to the file on a per application basis each time a new application tries to access that file. Use this feature to build up an access control list based on normal usage.
• Deny all unlisted - Blocks an application from accessing the file. Select this option if you are already sure of which files need access and which do not.

Unblock

Remove an application from the protection list by clicking the Unblock button. This opens a new dialog box listing all protected files for the selected machine IDs. You can remove files from just the selected machine or from all machines containing that file path.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine:

Agent has checked in

Agent has checked in and user is logged on. Tool tip lists the logon name.

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

The agent has been suspended

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

Filename

Filename of the file to be blocked. Click the edit icon next to any filename to change file access permissions for that filename.

Approved Apps

Lists applications approved to access the file on the machine ID.

Ask User Approval

If checked, the user of a machine ID is asked to approve file access if an unapproved application attempts to access the file.

Topic 405: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.