File Access

Agent > Protection > File Access

The File Access page prevents unauthorized access to files on managed machines by rogue applications or users. Any application can be approved or denied access to the file.

Note: You may also block operating system access to the protected file by blocking access to explorer.exe and/or cmd.exe. This prevents the file from being renamed, moved, or deleted therefore completely locking down the file from tampering.

Multiple Agents

If multiple agents are installed on a machine, only one agent at a time controls the drivers required to use File Access, Network Access, Application Blocker. These functions can only be performed by the agent controlling these drivers.

Block

To protect a file from access by rogue applications, enter the filename and click the Block button. This displays the File Access popup window.

The dialog presents the user with one of the following options:

• Filename to access control - Enter the file name and/or a portion of the full path. For example, adding a file named protectme.doc to the list, protects occurrences of protectme.doc in any directory on any drive. Adding myfolder\protectme.doc protects all occurrences of the file in any directory named myfolder.
• New - Add in a new application to the access list. You can manually enter the application or use the Search... button to select an application name.
• Remove - Removes an application from the approved access list
• Search - Select a machine ID to search the list of applications installed on that machine ID and select an application name. This list is based on the latest audit performed on that machine ID. You are not actually browsing the managed machine.
• Ask user to approve unlisted - Lets users approve/deny access to the file on a per application basis each time a new application tries to access that file. Use this feature to build up an access control list based on normal usage.
• Deny all unlisted - Blocks an application from accessing the file. Select this option if you are already sure of which files need access and which do not.

Unblock

Remove an application from the protection list by clicking the Unblock button. This opens a new dialog box listing all protected files for the selected machine IDs. You can remove files from just the selected machine or from all machines containing that file path.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent Quick View window.

Online but waiting for first audit to complete

Agent online

Agent online and user currently logged on.

Agent online and user currently logged on, but user not active for 10 minutes

Agent is currently offline

Agent has never checked in

Agent is online but remote control has been disabled

The agent has been suspended

An agent icon adorned with a red clock badge is a temporary agent.

Machine.Group ID

The list of Machine.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the user is authorized to see using System > User Security > Scopes.

Filename

Filename of the file to be blocked. Click the edit icon next to any filename to change file access permissions for that filename.

Approved Apps

Lists applications approved to access the file on the machine ID.

Ask User Approval

If checked, the user of a machine ID is asked to approve file access if an unapproved application attempts to access the file.