Application Check
Automatically adjust Trust Levels and enforce security policies based on whether specific applications are running on a device
- Updated on Jun 30, 2023
Overview
Security policies often require that devices run specific applications. Admins can use Banyan to enforce these policies by adding the Application Check Trust Factor to a relevant Trust Profile. Admins can establish a list of applications required to be running on devices in their organization, and they can specify whether these must be running (e.g., by selecting Mandatory on the Trust Profile).
Adding a mandatory application
The steps below cover how to add CrowdStrike as a mandatory application for your organization. You can extend these steps to other applications and scenarios.
1. Navigate from Secure Access > Trust Scoring, and then select Trust Profiles.
2. Open an existing Trust Profile or select Create Trust Profile.
3. Under the Trust Factors tab, add Application Check.
- Enter the Application Name (e.g.,
CrowdStrike Falcon). - Determine whether or not the app is Mandatory. If Yes, then the device Trust Level will be set to
Always Denyif the app is not running. If No, then device access will be allowed, but the device Trust Level will be reduced accordingly if the app is not running. - Enter the process name (one per platform) that should be running on a device (such as
falcond). See a list of common apps and their corresponding patterns below.
For apps that have variable process names, use regex pattern matching. For example, the Cisco Umbrella app has multiple process names depending on the app version running on a device, such as RoamingClientmenubar and umbrellamenu. In this scenario, you would enter /(umbrellamenu|RoamingClientmenubar)/ to match both process names accordingly.
5. Select Save.
Process Names for Common Applications
The table below lists common preferred applications and their corresponding patterns.
If you use a different third-party application or would like to add tools that are not covered below, let us know.
Device Management
| App Name | macOS | Windows | Linux |
|---|---|---|---|
| JAMF | jamfAgent |
n/a | n/a |
Endpoint Security
| App Name | macOS | Windows | Linux |
|---|---|---|---|
| CarbonBlack | CbOsxSensorService |
cb.exe |
cbdaemon |
| CrowdStrike | falcond |
csagent.exe |
falcon-sensor |
| Windows Defender | n/a | msmpeng|savservice |
n/a |
Internet Gateway (including CASB)
| App Name | macOS | Windows | Linux |
|---|---|---|---|
| Cisco Umbrella | umbrellamenu|RoamingClientmenubar |
How Banyan Collects the Application Check Trust Factor
| OS | Command Input | Expected Output |
|---|---|---|
| macOS | ps -eco comm= |
TRUE |
| Windows | tasklist /fo csv /nh |
|
| Linux | ps -eo comm= |
Can’t find what you’re looking for?
We’re happy to help. Contact our team.