Best practice in everyday use

Once your SecuLution system is set up properly (making use of automated tasks), everyday use requires no manual tasks or additional work. The system will secure your network, and all users and administrators will be able to use their computers normally.

However, whenever new software is to be deployed, there is now a slight change in the process.

Since SecuLution will block any unknown hashes, we must add the hashes of the new software to our whitelist. There are several methods you can choose from.

To begin:


Turn on learn mode

Open the "Learning from" dropdown list and select the computer you're going to install the new software on for testing. You can select from your Active Directory objects of type (G)roup, (U)ser or (H)ost, or manually enter an IP address range here.



Start program as privileged user (PermanentLearnUser)

Instead of double-clicking setup.exe, right-click it and choose "run as different user".
Windows will ask for the username and password that will be used to start the program. Enter the username and password of the account you configured as PermanentLearnUser (PLU). The program started with these credentials will be "learned" (the program's hash will be added to your whitelist).
After setup.exe has finished, most setup tools will offer to immediately start the installed application. Accept this offer: the installed application will then start under the same user that setup.exe was started with, which is the PLU, so the hash of the new application will be learned too.


Drag and drop setup.exe to AdminWizard

Drag your new program.exe, setup.exe (or even .zip, .cab, .msi and many more) into the AdminWizard (just to the right of the "RCM" tab), or onto the AdminWizard's icon on your desktop. The AdminWizard will offer to import this program into the ruleset.

Choosing "unpack" will extract the contents of the file to a temporary directory and add the contents of that directory (the hashes of the files you are adding) to the whitelist. You'll also be asked for a classification.
Remember to activate the whitelist with the Arrow-Up button!

Disable local Agent, install software, import pattern files

Another way of adding (possibly more complex) applications is to

  • disable the local Agent (right-click on the Agent icon, choose "disable", enter disable password)
  • install application to target directory
  • import pattern files (from the main menu, select Extra > Generate rules from files and import) using the directory you installed the application into; activate the changed whitelist with the Arrow-Up button
  • re-enable Agent
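
A review step that can precede the directory import in the list above, as an added example that is not part of the SecuLution documentation or tooling: it inventories the executable files in the install directory with their SHA-256 hash and Authenticode status, so you can see what the import is about to trust. The path, the extension list and the use of SHA-256 are assumptions; the page does not say which file types or hash algorithm SecuLution uses.

```powershell
# Added example, not SecuLution code. Run it after installing the application
# and before importing the directory into the whitelist.
$InstallDir = 'C:\Program Files\ExampleApp'          # hypothetical install path
$ReportPath = Join-Path $env:TEMP 'whitelist-review.csv'

# Assumed set of executable file types worth reviewing; adjust to your environment.
$extensions = '.exe', '.dll', '.sys', '.msi', '.ocx', '.scr', '.com'

$rows = Get-ChildItem -LiteralPath $InstallDir -Recurse -File -ErrorAction Stop |
    Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            # SHA-256 is for your own change record; it is not necessarily
            # the hash SecuLution stores.
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            SigStatus = [string]$sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Modified  = $_.LastWriteTimeUtc
        }
    }

# Keep the full inventory as a record of what was added to the whitelist and when.
$rows | Export-Csv -LiteralPath $ReportPath -NoTypeInformation -Encoding UTF8

# Summary by signer: unexpected publishers stand out here.
$rows | Group-Object Signer | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Files without a valid signature deserve a closer look before the import.
$rows | Where-Object { $_.SigStatus -ne 'Valid' } | Sort-Object Path |
    Format-Table Path, SigStatus -AutoSize

Write-Output ("{0} files inventoried, report written to {1}" -f @($rows).Count, $ReportPath)
```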

Turn alarms into rules

Any attempt to use a hash (start an application) that is not trusted, and is therefore blocked, will be logged. Select the alarm in the logs and click on "Add program to list".
Remember to activate the changed whitelist with the Arrow-Up button!