Automatically adjust Trust Levels and enforce security policies based on whether specific applications are running on a device
- Updated on Sep 27, 2022
The Linux-RPM version of the desktop app does not currently support TrustScoring for an org’s Preferred Apps.
Security policies often require that corporate devices run specific applications. You can use Banyan to enforce these policies via Device TrustScoring. Specifically, you can establish a list of applications required to be running on devices (desktops only) in your organization.
In Banyan TrustScoring, we called these “Preferred Applications” for an organization; the Trust Factor associated with preferred applications is called Application Check. You can specify whether your devices must have these applications running (i.e., Mandatory Preferred Applications) or if users can receive partial credit for having a subset of Preferred Applications running on their device.
Adding a Mandatory Preferred Application
The steps below cover how to add CrowdStrike as a Mandatory Preferred Application for your organization. You can extend these steps for other applications and scenarios.
1. Navigate to Settings > TrustScore Settings > Device Scoring and then select Preferred Applications Running (desktop-only).
2. Select + Add App.
3. Configure the application details.
- Enter the Application Name (such as
- Determine whether or not the app is Mandatory. If Yes, then device access will be blocked if the app is not running. If No, then device access will be allowed, but the device TrustScore will be reduced accordingly.
- Select the Platform(s) that require the preferred app. For this example, we’ll set the platform to
4. Enter the process name (one per platform) that should be running on a device (such as
falcond). See a list of common Preferred Apps and their corresponding patterns below.
For apps having process names that are variable or change regularly, you may use regex pattern matching. For example, the Cisco Umbrella app has multiple process names depending on the app version running on a device, such as
umbrellamenu. In this scenario, you would enter
/(umbrellamenu|RoamingClientmenubar)/ to match both process names accordingly.
5. Select Save.
6. Optionally, apply the Application Check Trust Factor to devices according to device ownership type.
Now, any macOS device in your organization must have CrowdStrike Falcon (process name
falcond) running in order to access Banyan-protected services.
If a macOS device in your organization does not have CrowdStrike Falcon running, the Device Trust Level is reduced to Always Deny and access to Banyan-protected services is blocked.
Process Names for Common Applications
The table below lists common preferred applications and their corresponding patterns.
If you use a different third-party application or would like to add tools that are not covered below, please let us know!
Internet Gateway (including CASB)