| Application collection |
Grouping of several related applications in terms of subject matter or program. An application collection is used in application rules or in application behavior rules. |
| Application rules |
Application rules can be used to allow or block individual applications, as well as configure local learning and the display of awareness campaigns. |
| Application behavior |
Application behavior includes all actions an application executes, such as starting additional applications or DLLs or writing to specific directories. |
| Application Behavior Control |
Monitoring the behavior of applications. DriveLock monitors and controls the activities of applications running on the agent. |
|
Application behavior rules
|
Application behavior rules define the actions an application is allowed or not allowed to perform (for example launching other programs, loading DLLs, reading or writing files or the registry, executing scripts). |
| Blacklist |
A negative list containing non-permissible and untrustworthy targets. By blacklisting it is possible to block specific applications. |
|
Local learning
|
In the course of a learning phase, the DriveLock Agent learns what is allowed on the particular client computer: starting applications or DLLs, or performing actions such as writing to specific directories. |
| Local whitelist |
The local whitelist is a hash database rule that is generated locally. It can be pre-filled with executables (allowed files) in certain directories and can be extended accordingly. |
| Simulation mode |
During a simulation, DriveLock generates event messages for started or blocked applications based on configured rules, but execution itself is neither allowed nor prevented. |
| Application behavior recording |
Recording of application behavior on the DriveLock Agent; to be saved as a JSON file and to generate application behavior rules from it. |
|
Whitelist
|
A positive list containing allowed and trusted targets. Only these may be executed. |