Skip to main content

Application Process Objects

  • Updated

Applies to:

  • Zentera Air Advanced
  • Zentera Air Ultimate

An Application Process Object allows you to identify a software application, so that an Object can be used in a policy.

The example below defines the git version control system using ssh as a transport mechanism. The application identification process context includes the hierarchy, enabling access to be granted for ssh in the context of a git operation, which blocking it for other purposes (command line ssh).

 

mceclip0.png

 

The object structure also supports the concept of an Application Process Object Group, enabling multiple software applications to be grouped together for policy definition convenience (e.g. applying one policy for multiple versions of a software application).

 

Creating an Application Process Object or Object Group

To create an Application Process Object, navigate to Access Policy Management > Application Process Objects, and click "Add Object".

Give your Application Process Object a name which is easy to remember.  You may also use the Description field to provide more context about what this Application Process Object is intended to represent.

The Application Interlock Process Ordering section allows you to define the order of execution and hierarchy of the process tree:

 

mceclip1.png

 

In addition to the executable path, which is required, you may also optionally specify the sha256sum of the binary package at that location.

The "Enforce Strict Order" option, when unchecked, specifies that the applications in the tree must be called in order, but allows other processes to appear before or between the specified applications. You will typically want to leave this box unchecked.

When checked, the entire process tree is matched against the tree in this section. For example, on Linux, the process tree typically starts with the user login and execution of the user's shell - so an application launched from command line would have a different process tree if the user logs in using ssh or VNC. 

 

information.svg

 The Enforce Strict Order level of checking can be a useful for a high security environment, as it can be used to differentiate between a valid user action on the target machine versus an action triggered by a hacker root kit.

 

Click Save.  You may now use this Application Process Object or Object Group in an Access Policy or a Chamber Policy.

 

 

Related articles

Comments

0 comments

Article is closed for comments.