Application Check

Automatically adjust Trust Levels and enforce security policies based on whether specific applications are running on a device

  • Updated on Oct 17, 2024

Overview

Security policies often require that devices run specific applications. Admins can use SonicWall Cloud Secure Edge (CSE) to enforce these policies by adding the Application Check Trust Factor to a relevant Trust Profile. Admins can define a list of applications that should be running on devices in their organization and specify whether each one must be running (e.g., by selecting Mandatory on the Trust Profile).

Adding a mandatory application

The steps below cover how to add CrowdStrike as a mandatory application for your organization. You can extend these steps to other applications and scenarios.

1. Navigate to Trust > Profiles.

2. Open an existing Trust Profile or select + Create Profile.

3. Under the Trust Factors tab, add Application Check.

  • Enter the Application Name (e.g., CrowdStrike Falcon).
  • Determine whether or not the app is Mandatory. If Yes, then the device Trust Level will be set to Always Deny if the app is not running. If No, then device access will be allowed, but the device Trust Level will be reduced accordingly if the app is not running.
  • Enter the process name (one per platform) that should be running on a device (such as falcond). See a list of common apps and their corresponding patterns below.

For apps that have variable process names, use regex pattern matching. For example, the Cisco Umbrella app has multiple process names depending on the app version running on a device, such as RoamingClientmenubar and umbrellamenu. In this scenario, you would enter /(umbrellamenu|RoamingClientmenubar)/ to match both process names accordingly.

5. Select Save.

Process Names for Common Applications

The tables below list commonly used applications and their corresponding process-name patterns.

Device Management

App Name    macOS        Windows    Linux
JAMF        jamfAgent    n/a        n/a

Endpoint Security

App Name            macOS                 Windows               Linux
CarbonBlack         CbOsxSensorService    cb.exe                cbdaemon
CrowdStrike         falcond               csagent.exe           falcon-sensor
Windows Defender    n/a                   msmpeng|savservice    n/a

Internet Gateway (including CASB)

App Name          macOS                                Windows    Linux
Cisco Umbrella    umbrellamenu|RoamingClientmenubar

How Cloud Secure Edge Collects the Application Check Trust Factor

OS         Command Input           Expected Output
macOS      ps -eco comm=           TRUE
Windows    tasklist /fo csv /nh
Linux      ps -eo comm=
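
To check a process-name pattern before saving it in a Trust Profile, the added example below (not SonicWall code) parses output in the format of the collection commands above and lists the process names a pattern matches. The matching rules used here (unanchored search, case-insensitive by default, optional /.../ delimiters stripped) and the sample outputs are assumptions constructed for illustration; this page does not document how CSE itself evaluates the pattern.

```python
import csv
import io
import re

# Constructed sample outputs, not captured from a real device.
SAMPLE_PS = "launchd\nfalcond\numbrellamenu\nFinder\n"
SAMPLE_TASKLIST = (
    '"System Idle Process","0","Services","0","8 K"\n'
    '"MsMpEng.exe","3120","Services","0","201,344 K"\n'
    '"csagent.exe","2044","Services","0","45,120 K"\n'
)


def process_names(raw, platform):
    """Extract process names from the collection command's output."""
    if platform == "windows":
        # tasklist /fo csv /nh: quoted CSV rows, image name is the first field.
        # The csv module handles the comma inside the quoted memory column.
        return [row[0] for row in csv.reader(io.StringIO(raw)) if row]
    # ps -eco comm= (macOS) and ps -eo comm= (Linux): one name per line.
    return [line.strip() for line in raw.splitlines() if line.strip()]


def compile_pattern(entry, ignore_case=True):
    """Accept a plain name, an alternation, or a /.../-delimited regex."""
    if len(entry) >= 2 and entry.startswith("/") and entry.endswith("/"):
        entry = entry[1:-1]
    # Assumption: unanchored match; case handling is selectable for testing.
    return re.compile(entry, re.IGNORECASE if ignore_case else 0)


def matching_processes(entry, raw, platform, ignore_case=True):
    """Return every process name the pattern matches, in listing order."""
    pattern = compile_pattern(entry, ignore_case)
    return [n for n in process_names(raw, platform) if pattern.search(n)]


if __name__ == "__main__":
    checks = [
        ("/(umbrellamenu|RoamingClientmenubar)/", SAMPLE_PS, "macos"),
        ("falcond", SAMPLE_PS, "macos"),
        ("msmpeng|savservice", SAMPLE_TASKLIST, "windows"),
    ]
    for entry, raw, platform in checks:
        print(platform, entry, "->", matching_processes(entry, raw, platform))
```

Run it against real output from the relevant command on a managed device and review the full list of matches: an empty list means the pattern would not find the application, and unexpected names mean the pattern is broader than intended.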