Preferred Applications

Automatically adjust Trust Levels and enforce security policies based on whether specific applications are running on a device

  • Updated on Sep 27, 2022

This article describes features that are only available in the Banyan Business edition and Banyan Enterprise edition.

The Linux-RPM version of the desktop app does not currently support TrustScoring for an org’s Preferred Apps.

Overview

Security policies often require that corporate devices run specific applications. You can use Banyan to enforce these policies via Device TrustScoring. Specifically, you can establish a list of applications required to be running on devices (desktops only) in your organization.

In Banyan TrustScoring, we call these “Preferred Applications” for an organization; the Trust Factor associated with preferred applications is called Application Check. You can specify whether your devices must have these applications running (i.e., Mandatory Preferred Applications) or whether users can receive partial credit for having a subset of Preferred Applications running on their device.

Adding a Mandatory Preferred Application

The steps below cover how to add CrowdStrike as a Mandatory Preferred Application for your organization. You can extend these steps for other applications and scenarios.

1. Navigate to Settings > TrustScore Settings > Device Scoring and then select Preferred Applications Running (desktop-only).

2. Select + Add App.

3. Configure the application details.

  • Enter the Application Name (such as CrowdStrike Falcon).
  • Determine whether or not the app is Mandatory. If Yes, then device access will be blocked if the app is not running. If No, then device access will be allowed, but the device TrustScore will be reduced accordingly.
  • Select the Platform(s) that require the preferred app. For this example, we’ll set the platform to macOS.

4. Enter the process name (one per platform) that should be running on a device (such as falcond). See a list of common Preferred Apps and their corresponding patterns below.

For apps having process names that are variable or change regularly, you may use regex pattern matching. For example, the Cisco Umbrella app has multiple process names depending on the app version running on a device, such as RoamingClientmenubar and umbrellamenu. In this scenario, you would enter /(umbrellamenu|RoamingClientmenubar)/ to match both process names accordingly.

5. Select Save.

6. Optionally, apply the Application Check Trust Factor to devices according to device ownership type.

Now, any macOS device in your organization must have CrowdStrike Falcon (process name falcond) running in order to access Banyan-protected services.

If a macOS device in your organization does not have CrowdStrike Falcon running, the Device Trust Level is reduced to Always Deny and access to Banyan-protected services is blocked.
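One way to test process-name patterns against a process snapshot before saving a Mandatory rule, as an added example that is not Banyan's own code. It assumes that /…/ marks a regex searched within the process name and that a plain name must match exactly; Banyan's actual matching semantics may differ, and the process lists are constructed.

```python
import re

# Rules as they would be entered in the console: (app name, pattern, mandatory).
# Both patterns come from this page; treating Cisco Umbrella as
# non-mandatory is a choice made for this example.
RULES = [
    ("CrowdStrike Falcon", "falcond", True),
    ("Cisco Umbrella", "/(umbrellamenu|RoamingClientmenubar)/", False),
]

def compile_pattern(pattern):
    """Assumption: /.../ is a regex searched within the process name;
    anything else is a literal name that must match exactly."""
    if len(pattern) > 2 and pattern.startswith("/") and pattern.endswith("/"):
        return re.compile(pattern[1:-1])
    return re.compile(r"\A" + re.escape(pattern) + r"\Z")

def evaluate(rules, process_names):
    """Return (running, missing, blocked) for one process snapshot.
    blocked is True when any Mandatory app has no matching process."""
    running, missing, blocked = [], [], False
    for app, pattern, mandatory in rules:
        rx = compile_pattern(pattern)
        if any(rx.search(name) for name in process_names):
            running.append(app)
        else:
            missing.append(app)
            blocked = blocked or mandatory
    return running, missing, blocked

# Constructed process snapshots (not captured from real devices).
OLD_UMBRELLA = ["launchd", "falcond", "RoamingClientmenubar"]
NEW_UMBRELLA = ["launchd", "falcond", "umbrellamenu"]
NO_FALCON = ["launchd", "umbrellamenu"]

if __name__ == "__main__":
    for label, snapshot in [("old umbrella", OLD_UMBRELLA),
                            ("new umbrella", NEW_UMBRELLA),
                            ("no falcon", NO_FALCON)]:
        print(label, evaluate(RULES, snapshot))
```

Running it against a process list exported from a known-good device shows whether a pattern would leave a Mandatory app unmatched before the rule reaches the whole fleet.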

Process Names for Common Applications

The table below lists common preferred applications and their corresponding patterns.

If you use a different third-party application or would like to add tools that are not covered below, please let us know!

Device Management

App Name   macOS       Windows   Linux
JAMF       jamfAgent   n/a       n/a

Endpoint Security

App Name           macOS                Windows              Linux
CarbonBlack        CbOsxSensorService   cb.exe               cbdaemon
CrowdStrike        falcond              csagent.exe          falcon-sensor
Windows Defender   n/a                  msmpeng|savservice   n/a

Internet Gateway (including CASB)

App Name         macOS                               Windows   Linux
Cisco Umbrella   umbrellamenu|RoamingClientmenubar