Date post: 05-Aug-2020

DriveLock Security as a Service

Managed Endpoint Protection

Global Base Security

  

 

DriveLock SE 2020

 


CSP 10-Global-Base-Security

31-Mar-2020 12:03:21 / v.53© 2020 DriveLock SE. All rights reserved. Page 2 of 40

Content

Scope of this document
Global Configuration

Settings
Remote control settings and permissions
Automatic updates
User Interface settings

Taskbar notification area settings
Offline unlock Control Panel settings
Agent user interface settings
Custom user notification messages

Drives
Settings
Removable Drive locking

Floppy disk drives
CD-ROM drives
USB bus connected drives
Firewire (1394) bus connected drives
SD card drives (SD-bus)
Other removable drives

File filter templates
Default Filter (All files R/W)
Default Filter (All files Read only)
File type definitions
File type groups

Devices
Device class locking

Devices / Network adapters
Smartphones

Apple devices
Other mobile devices

Network profiles
Settings

Applications
Settings
Application rules

Publisher certificate rules
Adobe
Adobe Inc.
Adobe Inc. AGS Helper
Adobe Systems Incorporated
Adobe Systems Incorporated
Adobe Systems, Incorporated
Apple
Bitdefender
Cisco AnyConnect
Cisco WebEx LLC
Dell Inc.
DriveLock \AzCopy.exe
DriveLock Update Service
Firefox
Firefox Installer
Firefox Software Updater
Google
Google Chrome
GoToMeeting
Haufe-Lexware
HP
Intel
Lenovo
Lenovo
LogMeIn, Inc.
Microsoft
Microsoft
Microsoft 3rd Party Application Component
Microsoft Outlook
Microsoft Settings
Microsoft Teams
Mozilla Corporation
Mozilla Corporation
Notepad++
VMWare
WinGup for Notepad++

Special rules
Automatic updates are being installed
Program file is part of .NET Framework
Program file is part of DriveLock / DriveLock Disk Protection
Program file is part of Windows operating system

Other rules
File name or path rules

Security awareness
Settings

Security awareness user interface settings
Systems management

Settings
Hardware and software inventory
Client compliance reporting settings

Self-Service groups
Glossary


Scope of this document

This document describes the policy configuration defined for Base-Security.


Global Configuration

Settings

Property Value

Permissions on DriveLock Agent services NT-AUTORITÄT\Authentifizierte Benutzer (Query service information), NT-AUTORITÄT\SYSTEM (Full control)

Configure Internet Connection Firewall to allow remote control (Windows XP SP2 and newer) Enabled

On startup, allow logon before DriveLock has completely started Disabled

Enable periodic reloading of configuration file Enabled

Reload file every 30 minutes

Start DriveLock Agent in Safe Mode Enabled

Run DriveLock Agent in unstoppable mode Disabled

Simulation mode (for testing purposes) Disabled

Tenant / DriveLock Cloud synchronization Tenant: root, Event sync: Not configured

When impersonating users: Use "network logon" instead of "interactive logon" Disabled

 

Remote control settings and permissions

Property Value

Agent remote control port 6064

Enable SSL (encrypted remote control communication) Enabled

Enforce SSL (disable unencrypted port) Disabled

SSL remote control port 6065

Certificate used for SSL communications Automatically create self-signed certificate on Agents

Show user notification message on agent when remote connection is established Disabled

Agent remote control permissions VORDEFINIERT\Administratoren

Agent remote control read permissions No one

 

Automatic updates

Property Value

DriveLock Agent Enabled

DriveLock Management Console Disabled

DriveLock Control Center Disabled

Other engine Disabled

Use explicit schedule Enabled


Schedules At 9:30 am every day; At 11 am every day; At 12 pm every day; Every 15 minutes starting at 14:15. Duration: 3 hour(s) daily; At 3:30 pm every day; At 4 pm every day

Randomize automatic update interval Disabled

 

User Interface settings

Taskbar notification area settings

Property Value

User notification type Popup window

Display notification area icon Enabled

Display icon only when a message is displayed Disabled

Display messages for 30 seconds

 

Offline unlock Control Panel settings

Property Value

Disable offline unlocking requests from Control Panel Disabled

Use short (weak) request / response codes Disabled

Show offline unlocking in context menu of notification area icon Disabled

Contact information (displayed in unlock wizard)  

Security configuration Use Password

Password or certificate Configured

 

Agent user interface settings

Property Value

Enable Agent user interface Enabled

Active categories Home, Encryption, Status

Active functions Home | Unlock agent; Encryption | Create; Encryption | Create cloud storage folder; Encryption | Mount; Encryption | Recover; Encryption | Manage certificates (DFP only); Network profiles | My network profiles; Status | Drives; Status | Devices; Status | Smartphones; Status | Group Policy

In Windows Start menu display "DriveLock" under Start | Programs | DriveLock

Use agent UI instead of classic wizards when selecting options from taskbar icon menu Enabled


 

Custom user notification messages  

Property Value

Display message shortly before temporary unlock mode ends Disabled

Display custom message Disabled

 

Drives

Settings

Property Value

Audit drive insertion / removal / locking Enabled

Always allow access to administrators Disabled

 

Removable Drive locking

Floppy disk drives

Property Value

Lock status Locked with exceptions

Permissions list NT-AUTORITÄT\Authentifizierte Benutzer (Read / Write / Execute)

Filter files read from or written to drives of this type Disabled

Audit and shadow files read from or written to drives of this type Enabled

Filter / audit / shadow files using template Default Filter (All files R/W)

Display custom message in user notification Disabled

Also display message when access is granted Disabled

Display no message when this rule is activated Disabled

Do not generate audit events when this rule is activated Disabled

User must accept usage policy before rule will be applied Enabled

Require password for accepting usage policy Disabled

Scan for viruses before granting access to the drive Disabled

Run program when drive is connected and locked Disabled

Run program when drive is connected and not locked Disabled

Run program when drive is disconnected Disabled

 

CD-ROM drives

Property Value

Lock status Locked with exceptions

Permissions list NT-AUTORITÄT\Authentifizierte Benutzer (Read / Write / Execute)


Filter files read from or written to drives of this type Disabled

Audit and shadow files read from or written to drives of this type Enabled

Filter / audit / shadow files using template Default Filter (All files R/W)

Change hardware revision information to "Lock" when CD/DVD writing is denied Disabled

Change hardware vendor information Disabled

Do not filter CD/DVD-write operations (do not block CD burning) Disabled

Do not intercept low-level hardware drivers Disabled

Disable Windows XP built-in CD writing (regardless of permissions) Disabled

Disable soft blocking (do not hide CD/DVD writing capabilities) Disabled

Do not display user notification messages Disabled

Display custom message in user notification Disabled

Also display message when access is granted Disabled

Display no message when this rule is activated Disabled

Do not generate audit events when this rule is activated Disabled

User must accept usage policy before rule will be applied Enabled

Require password for accepting usage policy Disabled

Require drive to be encrypted Disabled

Require media authorization on this drive (CD/DVD drives only) Disabled

Scan for viruses before granting access to the drive Disabled

Run program when drive is connected and locked Disabled

Run program when drive is connected and not locked Disabled

Run program when drive is disconnected Disabled

 

USB bus connected drives

Property Value

Lock status Locked with exceptions

Permissions list NT-AUTORITÄT\Authentifizierte Benutzer (Read / Write / Execute)

Filter files read from or written to drives of this type Disabled

Audit and shadow files read from or written to drives of this type Enabled

Filter / audit / shadow files using template Default Filter (All files R/W)

Display custom message in user notification Disabled

Also display message when access is granted Disabled

Display no message when this rule is activated Disabled

Do not generate audit events when this rule is activated Disabled


User must accept usage policy before rule will be applied Enabled

Require password for accepting usage policy Disabled

Require drive to be encrypted Disabled

Require media authorization on this drive (CD/DVD drives only) Disabled

Scan for viruses before granting access to the drive Disabled

Run program when drive is connected and locked Disabled

Run program when drive is connected and not locked Disabled

Run program when drive is disconnected Disabled

 

Firewire (1394) bus connected drives

Property Value

Lock status Locked with exceptions

Permissions list NT-AUTORITÄT\Authentifizierte Benutzer (Read / Write / Execute)

Filter files read from or written to drives of this type Disabled

Audit and shadow files read from or written to drives of this type Enabled

Filter / audit / shadow files using template Default Filter (All files R/W)

Display custom message in user notification Disabled

Also display message when access is granted Disabled

Display no message when this rule is activated Disabled

Do not generate audit events when this rule is activated Disabled

User must accept usage policy before rule will be applied Enabled

Require password for accepting usage policy Disabled

Require drive to be encrypted Disabled

Require media authorization on this drive (CD/DVD drives only) Disabled

Scan for viruses before granting access to the drive Disabled

Run program when drive is connected and locked Disabled

Run program when drive is connected and not locked Disabled

Run program when drive is disconnected Disabled

 

SD card drives (SD-bus)

Property Value

Lock status Locked with exceptions

Permissions list NT-AUTORITÄT\Authentifizierte Benutzer (Read / Write / Execute)

Filter files read from or written to drives of this type Disabled

Audit and shadow files read from or written to drives of this type Enabled

Filter / audit / shadow files using template Default Filter (All files R/W)


Display custom message in user notification Disabled

Also display message when access is granted Disabled

Display no message when this rule is activated Disabled

Do not generate audit events when this rule is activated Disabled

User must accept usage policy before rule will be applied Enabled

Require password for accepting usage policy Disabled

Require drive to be encrypted Disabled

Require media authorization on this drive (CD/DVD drives only) Disabled

Scan for viruses before granting access to the drive Disabled

Run program when drive is connected and locked Disabled

Run program when drive is connected and not locked Disabled

Run program when drive is disconnected Disabled

 

Other removable drives

Property Value

Lock status Locked with exceptions

Permissions list NT-AUTORITÄT\Authentifizierte Benutzer (Read / Write / Execute)

Filter files read from or written to drives of this type Disabled

Audit and shadow files read from or written to drives of this type Enabled

Filter / audit / shadow files using template Default Filter (All files R/W)

Display custom message in user notification Disabled

Also display message when access is granted Disabled

Display no message when this rule is activated Disabled

Do not generate audit events when this rule is activated Disabled

User must accept usage policy before rule will be applied Enabled

Require password for accepting usage policy Disabled

Require drive to be encrypted Disabled

Require media authorization on this drive (CD/DVD drives only) Disabled

Scan for viruses before granting access to the drive Disabled

Run program when drive is connected and locked Disabled

Run program when drive is connected and not locked Disabled

Run program when drive is disconnected Disabled

 

File filter templates

Default Filter (All files R/W)


Property Value

Template description Default Filter (All files R/W)

Comment allow all files R/W

Rule unique identifier 2a3417ef-8fb7-424b-bdb4-f45598b18416

When reading files Allow all files

When writing files Allow all files

Shadowing settings None

Audit files All files

Audit conditions All

User exceptions Rule is active for all users and groups

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Users to exclude from shadowing and auditing NT-AUTORITÄT\SYSTEM

Also exclude these users from file filtering Enabled

 

Default Filter (All files Read only)

Property Value

Template description Default Filter (All files Read only)

Comment Default Filter (All files Read only)

Rule unique identifier af5284ef-9107-4f8f-a696-3aaa158da86b

When reading files Allow all files

When writing files Allow only selected extensions

File extensions to filter when writing files None

File type groups to filter when writing files  

Block files which are not content scanned Enabled

Shadowing settings None

Audit files All files

Audit conditions All

User exceptions Rule is active for all users and groups

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Users to exclude from shadowing and auditing NT-AUTORITÄT\SYSTEM

Also exclude these users from file filtering Enabled

 

File type definitions


386, 3G2, 3GP, 7Z, AAC, ACCDB, ACCDE, ACCDR, ACCDT, ACE, AI, AIF, ANI, APK, ARC, ARJ, ASF, AVI, AX, BAT, BKF, BMP, BUP, CAB, CBR, CDR, CHM, CMD, COM, CPL, CRX, CSV, CUE, DLL, DLV, DMG, DOC, DOCM, DOCX, DOT, DOTM, DOTX, DSS, DVX, DWG, DXF, EPS, EPUB, EXE, FLT, FLV, FON, GADGET, GDOC, GDRAW, GIF, GSHEET, GSLIDES, GZ, GZIP, HEIC, HEIF, ICO, IFO, IND, INDD, INI, ISO, ITL, JAR, JFIF, JPE, JPEG, JPG, JS, JSE, KEY, LHA, LOG, LZH, M4A, M4P, M4V, MDB, MDE, MDF, MDI, MID, MIDI, MK3D, MKA, MKS, MKV, MOV, MP2, MP3, MP4, MPEG, MPG, MPP, MSG, MSI, MSP, MSM, MSP, NUMBERS, OCX, ODM, ODP, ODT, OGG, ONE, OST, OTF, OTP, OTT, PAGES, PDF, PIF, PKG, PNG, POTM, POTX, PPAM, PPS, PPSM, PPSX, PPT, PPTM, PPTX, PPZ, PS, PS1, PSD, PSP, PSPIMAGE, PST, RAR, REG, RM, RPM, RPT, RTF, SCR, SITX, SNP, SQL, SVG, SWF, SYS, TGA, TGZ, TIF, TIFF, TOAST, TTF, TXT, VBE, VBS, VDX, VHD, VHDX, VMDK, VMSN, VOB, VS, VSD, VXD, WAV, WEBM, WIZ, WMA, WMF, WMV, WPD, WPS, WSF, XAR, XIP, XLA, XLAM, XLR, XLS, XLSB, XLSM, XLSX, XLT, XLTX, XPI, XPS, Z, ZIP, ZIPX

 

File type groups

Property Value

Archives ACE, ARJ, CAB, GZIP, IMH, ISO, JAR, LZH, RAR, TAR, Z, ZIP

Audio files AAC, M4A, M4P, MID, MP3, MP4, WMA, WAV

CAD files DWG, DXF

Certificate files CER, CRT, DER, P12, P7B, P7C, PEM, PFX

Database files ACCDB, DBF, MDB, MDF

Disk image files BIN, CUE, DMG, ISO, TOAST

Executables BAT, CMD, COM, DLL, EXE, JS, JSE, OCX, PIF, PS1, SCR, SYS, VBE, VBS, VS

Font files FON, PTF, TTF

Images BMP, GIF, JPEG, JPG, PNG, PSD, PSP, TGA, TIFF

Office documents ACCDB, DOC, DOCX, MDB, PDF, PPS, PPSX, PPT, PPTX, PRJ, TMP, XLS, XLSX, XPS

Temporary files ., TEMP, TMP

Text documents LOG, PS, TXT

Video files AVI, BUP, DIVX, DVX, IFO, MPEG, MPG, MPG2, VOB, WMV

Virtual disks VHD, VMDK, VMSN

 

Devices

Device class locking

Devices / Network adapters

Property Value

Enable locking and auditing devices of this type Disabled

Audit device events for devices of this type Enabled

Do not show user notifications for devices of this type Disabled

Do not lock system devices of this type Enabled

Disabled locked devices in device manager Disabled

Do not restart these devices when another user logs on (Windows XP and later) Enabled

Do not restart these devices when another user logs on (Windows 2000) Disabled


 

Smartphones

Apple devices

Property - Apple devices Value

Lock status Locked with exceptions

Permissions list NT-AUTORITÄT\Authentifizierte Benutzer

Filter files read from or written to drives of this type Disabled

Audit and shadow files read from or written to drives of this type Enabled

Filter / audit / shadow files using template Default Filter (All files R/W)

iTunes - Always block selected synchronisation types Disabled

iTunes - Audit all transferred files and data Enabled

iTunes - Audit system files and objects Enabled

Display custom message in user notification Disabled

Also display message when access is granted Disabled

Display no message when this rule is activated Disabled

Do not generate audit events when this rule is activated Disabled

User must accept usage policy before rule will be applied Enabled

Require password for accepting usage policy Disabled

 

Other mobile devices

Windows Mobile handheld devices and Smartphones
Palm OS handheld devices and Smartphones
BlackBerry devices
Mobile phones
Android devices

Property Value

Enable locking and auditing devices of this type Enabled

Audit device events for devices of this type Enabled

Do not show user notifications for devices of this type Disabled

Do not lock system devices of this type Enabled

Do not restart these devices when another user logs on Disabled

Filter files read from or written to drives of this type Disabled

Audit and shadow files read from or written to drives of this type Enabled

Filter / audit / shadow files using template Default Filter (All files R/W)

User must accept usage policy before rule will be applied Enabled

Require password for accepting usage policy Disabled

 


Network profiles

Settings

Property Value

Allow users to configure personal networking profiles Disabled

Taskbar notification area settings - User notification type Popup window

Taskbar notification area settings - Display notification area icon Disabled

Taskbar notification area settings - Display messages for 30 seconds

 

Applications

Settings

Property Value

Scanning and blocking mode Whitelist

Hash algorithm to use for hash-based rules SHA-512

Always audit application execution (independent of blocking mode) Enabled

Local whitelist and predictive whitelisting Enabled with predictive whitelisting

Upload local Whitelist to DES Disabled

   

Application rules

Publisher certificate rules

Adobe

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Adobe

Rule unique identifier 5d96939c-63ce-49fb-a03c-7bd313bf3352

Comment  

Certificate subject CN="Adobe Systems, Incorporated", OU=Acrobat DC, O="Adobe Systems, Incorporated", L=San Jose, S=California, C=US, PostalCode=95110, STREET=345 Park Ave, SERIALNUMBER=2748129, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Certificate issuer CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check


Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Adobe Inc.

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Adobe Inc.

Rule unique identifier a274f26e-55ea-4017-ba5a-100fb129ed37

Comment  

Certificate subject CN=Adobe Inc., OU=Acrobat DC, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Certificate issuer CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Adobe Inc. AGS Helper

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Adobe Inc. AGS Helper

Rule unique identifier ce4b7022-8829-4246-98dd-3b6526be5df5

Comment  

Certificate subject CN=Adobe Inc., OU=AAM 256, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Certificate issuer CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Serial number


Unique ID data 06F24D9F4DB07BD7ECAD067F5EE26C29

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Adobe Systems Incorporated

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Adobe Systems Incorporated

Rule unique identifier 8bb8f80b-bbb5-4ddb-b3b2-55a382763b41

Comment  

Certificate subject CN=Adobe Systems Incorporated, OU=AAM 256, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US, SERIALNUMBER=2748129, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Certificate issuer CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Thumbprint

Unique ID data 369DF9FC7FB17A718028AC9E4EDDFD09E8D1080A

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Adobe Systems Incorporated

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Adobe Systems Incorporated

Rule unique identifier b0cf5682-69db-4769-a476-e7feb82215f5

Comment  

Certificate subject CN=Adobe Systems Incorporated, OU=AAM 256, O=Adobe Systems Incorporated, L=San Jose, S=California, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US


Certificate issuer CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Certificate unique ID type Thumbprint

Unique ID data A41629FDB16344E7D3398B68AE68C7D064F52180

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Adobe Systems, Incorporated

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Adobe Systems, Incorporated

Rule unique identifier 5ad50a51-208b-41e5-8e54-df9d3d0e2f50

Comment  

Certificate subject CN="Adobe Systems, Incorporated", OU=Acrobat 11, O="Adobe Systems, Incorporated", L=San Jose, S=California, C=US, PostalCode=95110, STREET=345 Park Ave, SERIALNUMBER=2748129, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.=Pri

Certificate issuer CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Thumbprint

Unique ID data 4A92F984C7B48596B8C8DD91559774766C530DC0

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Apple

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Apple

Rule unique identifier a51c8391-b25b-48b8-a969-b41ea88c8893


Comment  

Certificate subject CN=Apple Inc., O=Apple Inc., L=Cupertino, S=California, C=US

Certificate issuer CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Bitdefender

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Bitdefender

Rule unique identifier bb943a0b-9d56-49f0-8c17-b165768c3f16

Comment  

Certificate subject CN=Bitdefender SRL, OU=PD, O=Bitdefender SRL, L=Bucharest, S=Romania, C=RO

Certificate issuer CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Cisco AnyConnect

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Cisco AnyConnect

Rule unique identifier 2386c444-0200-466c-9e1e-dcdec8791c9c

Comment  


Certificate subject CN="Cisco Systems, Inc.", OU=Endpoint Security, O="Cisco Systems, Inc.", L=San Jose, S=California, C=US

Certificate issuer CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Cisco WebEx LLC

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Cisco WebEx LLC

Rule unique identifier 9414f888-b4bc-4d0a-b16a-326e90a72dc3

Comment  

Certificate subject CN=Cisco WebEx LLC, O=Cisco WebEx LLC, L=San Jose, S=California, C=US

Certificate issuer CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Certificate unique ID type Thumbprint

Unique ID data 0EC5E1E04D6F373C0AC80D14A703A565ABD3B2F8

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Dell Inc.

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Dell Inc.

Rule unique identifier 780692ce-4359-4810-aaf5-34ec3c380d91

Comment  

Certificate subject CN=Dell Inc., OU=Product Group Release Engineering, O=Dell Inc., L=Round Rock, S=Texas, C=US

Certificate issuer CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Certificate unique ID type Thumbprint

Unique ID data B13B89BABC4F77D681ADEFB714EE6090146079D1

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

DriveLock \AzCopy.exe

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description DriveLock \AzCopy.exe

Rule unique identifier 838556ca-1a7f-4b69-abdb-f404e385d020

Comment  

Certificate subject CN=Microsoft Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate issuer CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison and above

Executable version 1.0.8698.584

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

DriveLock Update Service 

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description DriveLock Update Service

Rule unique identifier 9e3d96c7-7fa2-4456-b53e-88892e7d4f31

Comment  

Certificate subject CN=DriveLock SE, O=DriveLock SE, L=München, S=Bayern, C=DE

Certificate issuer CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check

Executable description DriveLock Update Service

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Firefox 

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Firefox

Rule unique identifier 4bdbb51e-0f1b-46a4-9176-c805302b187f

Comment  

Certificate subject CN=Mozilla Corporation, O=Mozilla Corporation, L=Mountain View, S=California, C=US

Certificate issuer CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check

Executable description Firefox

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Firefox Installer 

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Firefox

Rule unique identifier 05f7245f-ec11-4a26-8fc6-1a696c089551

Comment  

Certificate subject E="release+certificates@mozilla.com", CN=Mozilla Corporation, OU=Release Engineering, O=Mozilla Corporation, L=Mountain View, S=California, C=US

Certificate issuer CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check

Executable description Firefox

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Firefox Software Updater 

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Firefox Software Updater

Rule unique identifier 9e1d5e70-f4d7-4850-8d4a-eb703b1f3eb2

Comment  

Certificate subject CN=Mozilla Corporation, O=Mozilla Corporation, L=Mountain View, S=California, C=US

Certificate issuer CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check

Executable description Firefox Software Updater

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Google

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Google

Rule unique identifier 4fb8f91b-3cc0-4649-a167-0a51b6dd7a6b

Comment  

Certificate subject CN=Google Inc, O=Google Inc, L=Mountain View, S=California, C=US

Certificate issuer CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Google Chrome

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Google Chrome

Rule unique identifier b9d3ad53-ee1c-4279-9526-7fc4f33bacb8

Comment  

Certificate subject CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US

Certificate issuer CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

GoToMeeting

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description GoToMeeting

Rule unique identifier 3f535265-3671-49f0-9f94-73665bad16bc

Comment  

Certificate subject CN="LogMeIn, Inc.", O="LogMeIn, Inc.", L=Boston, S=Massachusetts, C=US

Certificate issuer CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Haufe-Lexware

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Haufe-Lexware

Rule unique identifier 79021185-b46b-439a-81ae-22802f63598d

Comment  

Certificate subject CN=Haufe-Lexware GmbH & Co. KG, OU=SWD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Haufe-Lexware GmbH & Co. KG, L=Freiburg, S=Baden-Wuerttemberg, C=DE

Certificate issuer CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

HP

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description HP

Rule unique identifier 268c2bf4-6e85-4215-85d2-f550b26c2151

Comment  

Certificate subject CN=Hewlett Packard, OU=Desktop Consumer Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Hewlett Packard, L=San Diego, S=California, C=US

Certificate issuer CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Intel

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Intel

Rule unique identifier 2257175c-be5e-45e9-945a-dae1e70f6043

Comment  

Certificate subject CN=Intel(R) Wireless Connectivity Solutions, O=Intel Corporation, L=Santa Clara, S=CA, C=US

Certificate issuer CN=Intel External Basic Issuing CA 3B, O=Intel Corporation, L=Santa Clara, S=CA, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Lenovo

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Lenovo

Rule unique identifier 73d0412e-e927-4268-a34b-582ac7ed3424

Comment  

Certificate subject CN=Lenovo, OU=G09, O=Lenovo, L=Morrisville, S=North Carolina, C=US

Certificate issuer CN=Symantec Class 3 SHA256 Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Lenovo

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Lenovo

Rule unique identifier 845bf0cb-29cd-4662-a334-de2aa4c70079

Comment  

Certificate subject CN=Lenovo, OU=G10, O=Lenovo, L=Morrisville, S=North Carolina, C=US

Certificate issuer CN=Symantec Class 3 SHA256 Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

LogMeIn, Inc.

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description LogMeIn, Inc.

Rule unique identifier cc6836f8-b19e-4a83-8a21-3ebcfd2f2a0b

Comment  

Certificate subject CN="LogMeIn, Inc.", O="LogMeIn, Inc.", L=Boston, S=Massachusetts, C=US

Certificate issuer CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Thumbprint

Unique ID data 700249EAAEB19956D04C89488549A6587D1A8C81

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

Microsoft

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Microsoft

Rule unique identifier 26a78e04-9317-41cf-8539-30b5e2a568f6

Comment  

Certificate subject CN=Microsoft Corporation, OU=AOC, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate issuer CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Microsoft

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Microsoft

Rule unique identifier da7c6723-747b-4389-ba19-6fe6e03bb322

Comment  

Certificate subject CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate issuer CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

Microsoft 3rd Party Application Component

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Microsoft 3rd Party Application Component

Rule unique identifier 80c2aec1-cc85-47bc-ab33-93dfcd4e83b0

Comment  

Certificate subject CN=Microsoft 3rd Party Application Component, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate issuer CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate unique ID type Thumbprint

Unique ID data 32F28ACBC1B26F28D0EF6773E3E6FBF5E13F3BB0

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

Microsoft Outlook

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Microsoft Outlook

Rule unique identifier 9bfb954f-c0af-4e86-9644-0deaaa690365

Comment  

Certificate subject CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate issuer CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

Microsoft Settings

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Microsoft Settings

Rule unique identifier 3f1789a4-c9fe-481b-99c0-1e333b77be6e

Comment  

Certificate subject CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate issuer CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

Microsoft Teams

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Microsoft Teams

Rule unique identifier b577bf75-807b-4351-a103-a3de301127a4

Comment  

Certificate subject CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate issuer CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Certificate unique ID type Do not check

Executable description Microsoft Teams

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Mozilla Corporation

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Mozilla Corporation

Rule unique identifier c032790a-c275-484c-b082-eac4e0c2cca3

Comment  

Certificate subject CN=Mozilla Corporation, O=Mozilla Corporation, L=Mountain View, S=California, C=US

Certificate issuer CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Thumbprint

Unique ID data 50600FD631998451C8F75EF3F618E31FC74D1585

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

Mozilla Corporation 

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Mozilla Corporation

Rule unique identifier 6abb26d4-14b1-48bb-97be-dba1ae6ecb20

Comment  

Certificate subject E="release+certificates@mozilla.com", CN=Mozilla Corporation, OU=Release Engineering, O=Mozilla Corporation, L=Mountain View, S=California, C=US

Certificate issuer CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

Notepad++

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description Notepad++

Rule unique identifier a98fda91-391d-4fae-980d-b0489da7b4ea

Comment  

Certificate subject CN="Notepad++", O="Notepad++", L=Saint Cloud, S=Ile-de-France, C=FR

Certificate issuer CN=DigiCert SHA2 High Assurance Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Thumbprint

Unique ID data 9659849A76342C3DB71735F4C49449B29D453CA4

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

     

VMWare

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description VMWare

Rule unique identifier 5774d142-89c5-48ab-9d07-ff6216158a91

Comment  

Certificate subject CN="VMware, Inc.", O="VMware, Inc.", L=Palo Alto, S=California, C=US

Certificate issuer CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

WinGup for Notepad++

Property Value

Rule scope Publisher certificate

Rule type Whitelist

Description WinGup for Notepad++

Rule unique identifier f6c624bd-8c9a-467f-8797-08f088ace670

Comment  

Certificate subject CN="Notepad++", O="Notepad++", L=Saint Cloud, S=Ile-de-France, C=FR

Certificate issuer CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Certificate unique ID type Do not check

Executable description *

Executable version comparison Do not check

Template is active for NT-AUTORITÄT\Authentifizierte Benutzer

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

    

Special rules

Automatic updates are being installed

Property Value

Rule scope Special condition

Rule type Whitelist

Description Automatic updates are being installed

Rule unique identifier 0a1a100c-734a-44d8-88f4-5ab38893c9f8

Comment  

Rule is selected when Automatic updates are being installed

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Program file is part of .NET Framework

Property Value

Rule scope Special condition

Rule type Whitelist

Description Program file is part of .NET Framework

Rule unique identifier fd8145b5-bd6b-4d31-840e-2dce4f63d7dd

Comment  

Rule is selected when Program file is part of .NET Framework

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Program file is part of DriveLock / DriveLock Disk Protection

Property Value

Rule scope Special condition

Rule type Whitelist

Description Program file is part of DriveLock / DriveLock Disk Protection

Rule unique identifier ff9d6c81-737e-4cd2-ba04-35ab7d8990f5

Comment  

Rule is selected when Program file is part of DriveLock / DriveLock Disk Protection

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Program file is part of Windows operating system

Property Value

Rule scope Special condition

Rule type Whitelist

Description Program file is part of Windows operating system

Rule unique identifier 9932c258-a96e-40e8-b226-8687fd68ab6a

Comment  

Rule is selected when Program file is part of Windows operating system

Include additional operating system add-ons Enabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Other rules

File name or path rules

AppData-Path

Property Value

Rule scope Path of executable

Rule type Whitelist

Description AppData-Path

Rule unique identifier c23c2450-c63b-48a7-95e2-301d6d57b727

Comment   

Path c:\users\*\AppData\Local

Check for substring (directory or process name) Disabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

C:\Program Files\WindowsApps\

Property Value

Rule scope Path of executable

Rule type Whitelist

Description C:\Program Files\WindowsApps\

Rule unique identifier 283d7a13-0c3e-4510-895e-32b84d38c5a6

Comment   

Path c:\Program Files\WindowsApps\

Check for substring (directory or process name) Enabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

UsoClient

Property Value

Rule scope Path of executable

Rule type Whitelist

Description UsoClient

Rule unique identifier 029b67e3-0786-44d3-af5c-0c46af4238ed

Comment   Update Orchestrator Service / Part of Windows Update

Path c:\Windows\System32\UsoClient.exe

Check for substring (directory or process name) Disabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Windows Modules Installer

Property Value

Rule scope Path of executable

Rule type Whitelist

Description Windows Modules Installer

Rule unique identifier 32f2e2d5-2ac9-4d5d-89ac-a6620021a75d

Comment   

Path c:\Windows\servicing\TrustedInstaller.exe

Check for substring (directory or process name) Disabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Windows Update Standalone Installer

Property Value

Rule scope Path of executable

Rule type Whitelist

Description Windows Update Standalone Installer

Rule unique identifier 4ca0504f-729c-4e84-ba07-b40fa28643ff

Comment   

Path c:\Windows\System32\wusa.exe

Check for substring (directory or process name) Disabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

HostAppServiceUpdaterMetrics.exe

Property Value

Rule scope Path of executable

Rule type Whitelist

Description HostAppServiceUpdaterMetrics.exe

Rule unique identifier 24a88ace-1cad-475a-9c0f-c5c48a7b7dad

Comment   

Path HostAppServiceUpdaterMetrics.exe

Check for substring (directory or process name) Enabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

Speech Model Download Executable

Property Value

Rule scope Path of executable

Rule type Whitelist

Description Speech Model Download Executable

Rule unique identifier ac683d9c-1fcf-44c9-a3dc-efee02be222c

Comment   

Path C:\Windows\System32\Speech_OneCore\common\SpeechModelDownload.exe

Check for substring (directory or process name) Disabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

WinBioPlugIns\FaceFodUninstaller.exe

Property Value

Rule scope Path of executable

Rule type Whitelist

Description WinBioPlugIns\FaceFodUninstaller.exe

Rule unique identifier 2b176199-17f2-4260-ae76-9c7b14dc9995

Comment   

Path WinBioPlugIns\FaceFodUninstaller.exe

Check for substring (directory or process name) Enabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

 

\SpeechRuntime.exe

Property Value

Rule scope Path of executable

Rule type Whitelist

Description \SpeechRuntime.exe

Rule unique identifier 90642682-fe71-4e9f-8cf2-e2e828c73a86

Comment   

Path System32\Speech_OneCore\common\SpeechRuntime.exe

Check for substring (directory or process name) Enabled

Template is active for Everyone

Computer exceptions Rule is active on any computer

Network exceptions Rule is active in any network location

Rule is active during selected hours No restriction (Any time)

   

Security awareness

Settings

Security awareness user interface settings

Property Value

Show new content... Once per week

Automatically show awareness information after a user logs on Disabled

Show content for ... seconds before allowing acknowledgement or other functions Disabled

Allow users to page through available content Enabled

Show custom texts for acknowledging of campaign elements Disabled

 

Systems management

Settings

Hardware and software inventory

Property Value

Collection of inventory data Enabled

Collect device information Enabled

Collect drive information Enabled

Collect installed software information Enabled

Collect patch and hotfix information Enabled

Inventory starts Every 1 days

Start at fixed time Disabled

 

Client compliance reporting settings

 

Self-Service groups

Property Value

Description DriveLock Cloud Base

Comment  

Rule unique identifier 33a3d20b-b388-4b73-9372-68091fd23176

Users able to manage computers NT-AUTORITÄT\Authentifizierte Benutzer

Computers manageable by users < Local computer >

 

Glossary

AD Active Directory

ALF Application Launch Filter

AV Anti-Virus

CSP Centrally Stored Policy

DB Data Base

DCC DriveLock Control Center

DES DriveLock Enterprise Service

DL DriveLock

DLV Extension for DriveLock Encrypted File-Containers (DriveLock Volume)

DMC DriveLock Management Console

FDE Full Disk Encryption

FFE File & Folder Encryption

MMC See DMC

MSSP Managed Security Service Provider

SecaaS Security as a Service

SOT Security Operations Team

VM Virtual Machine

VPN Virtual Private Network

 

 

Copyright 

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user.

© 2020 DriveLock SE. All rights reserved. 

DriveLock and others are either registered trademarks or trademarks of DriveLock SE or its subsidiaries in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 

