Application Check
Automatically adjust Trust Levels and enforce security policies based on whether specific applications are running on a device
- Updated on Oct 17, 2024
Overview
Security policies often require that devices run specific applications. Admins can use SonicWall Cloud Secure Edge (CSE) to enforce these policies by adding the Application Check Trust Factor to a relevant Trust Profile. Admins can establish a list of applications required to be running on devices in their organization, and they can specify whether these must be running (e.g., by selecting Mandatory on the Trust Profile).
Adding a mandatory application
The steps below cover how to add CrowdStrike as a mandatory application for your organization. You can extend these steps to other applications and scenarios.
1. Navigate to Trust > Profiles.
2. Open an existing Trust Profile or select + Create Profile.
3. Under the Trust Factors tab, add Application Check.
   - Enter the Application Name (e.g., `CrowdStrike Falcon`).
   - Determine whether or not the app is Mandatory. If Yes, then the device Trust Level will be set to `Always Deny` if the app is not running. If No, then device access will be allowed, but the device Trust Level will be reduced accordingly if the app is not running.
   - Enter the process name (one per platform) that should be running on a device (such as `falcond`). See a list of common apps and their corresponding patterns below.
For apps that have variable process names, use regex pattern matching. For example, the Cisco Umbrella app has multiple process names depending on the app version running on a device, such as `RoamingClientmenubar` and `umbrellamenu`. In this scenario, you would enter `/(umbrellamenu|RoamingClientmenubar)/` to match both process names accordingly.
5. Select Save.
Process Names for Common Applications
The table below lists common preferred applications and their corresponding patterns.
Device Management
App Name | macOS | Windows | Linux |
---|---|---|---|
JAMF | jamfAgent | n/a | n/a |
Endpoint Security
App Name | macOS | Windows | Linux |
---|---|---|---|
CarbonBlack | CbOsxSensorService | cb.exe | cbdaemon |
CrowdStrike | falcond | csagent.exe | falcon-sensor |
Windows Defender | n/a | msmpeng\|savservice | n/a |
Internet Gateway (including CASB)
App Name | macOS | Windows | Linux |
---|---|---|---|
Cisco Umbrella | umbrellamenu\|RoamingClientmenubar | | |
How Cloud Secure Edge Collects the Application Check Trust Factor
OS | Command Input | Expected Output |
---|---|---|
macOS | ps -eco comm= | TRUE |
Windows | tasklist /fo csv /nh | |
Linux | ps -eo comm= | |
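
The commands in the table above produce the process list that an Application Check entry has to match. The following is an added example, not SonicWall's code: it parses constructed sample output of each command and reports which process names an entry would match, so a pattern can be checked before it is saved to a Trust Profile. The function names, the sample data, and the matching rules (case-insensitive; `/.../` searched as a regex, anything else compared as an exact name) are assumptions, since this page does not state how CSE applies the pattern.

```python
import csv
import io
import re

# Constructed sample output of the collection commands listed above.
MACOS_SAMPLE = "launchd\nfalcond\nRoamingClientmenubar\nFinder\n"  # ps -eco comm=
LINUX_SAMPLE = "systemd\nfalcon-sensor\nsshd\n"                    # ps -eo comm=
WINDOWS_SAMPLE = (                                                 # tasklist /fo csv /nh
    '"System Idle Process","0","Services","0","8 K"\n'
    '"csagent.exe","1234","Services","0","45,120 K"\n'
    '"MsMpEng.exe","2345","Services","0","201,332 K"\n'
)


def parse_process_names(os_name, output):
    """Return the process names found in one command's output."""
    if os_name == "windows":
        # Quoted CSV without a header row; the image name is the first field.
        # A CSV parser is needed because the memory field contains commas.
        return [row[0] for row in csv.reader(io.StringIO(output)) if row]
    # ps prints one command name per line; "comm=" suppresses the header.
    return [line.strip() for line in output.splitlines() if line.strip()]


def compile_entry(entry):
    """Assumed rules: /.../ is a regex search, anything else an exact name."""
    if len(entry) > 2 and entry.startswith("/") and entry.endswith("/"):
        return re.compile(entry[1:-1], re.IGNORECASE)
    return re.compile(r"\A" + re.escape(entry) + r"\Z", re.IGNORECASE)


def matching_processes(os_name, output, entry):
    """List the process names that satisfy the entry. Names you did not
    expect in the result mean the pattern is broader than intended."""
    pattern = compile_entry(entry)
    return [n for n in parse_process_names(os_name, output) if pattern.search(n)]


if __name__ == "__main__":
    checks = [
        ("macos", MACOS_SAMPLE, "/(umbrellamenu|RoamingClientmenubar)/"),
        ("windows", WINDOWS_SAMPLE, "csagent.exe"),
        ("linux", LINUX_SAMPLE, "falcond"),  # macOS name entered for Linux
    ]
    for os_name, sample, entry in checks:
        hits = matching_processes(os_name, sample, entry)
        print(f"{os_name:8} {entry:40} -> {hits or 'NOT RUNNING'}")
```

The third check comes back empty because `falcond` is the macOS process name; the table lists `falcon-sensor` for Linux, which is why the process name is entered once per platform.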