
Data Security Endpoint Applications

Endpoint Applications
Data Security Solutions, Version 7.8.x

You can monitor any number of applications on the endpoint. Websense has analyzed the metadata for more than a hundred applications and can monitor these with great accuracy. (They are listed in this article.) You can add other applications to the list. If you want to analyze the applications based on their metadata, you can use a utility that Websense provides.

Built-in support
Importing other applications

Built-in support

Following are the applications that you can choose to monitor on the endpoint when you set up your endpoint policy. This includes software applications, Web applications, and SaaS (software as a service) applications.

Also noted is whether the application is supported on Windows endpoint, Mac endpoint, or both, and the type of operations that can be analyzed by Data Security. Please note that in v7.8.1, only File Access can be analyzed on Mac endpoint, while in v7.8.2 and beyond, Mac endpoint apps can be monitored for Copy, Cut, and Paste operations as well (with the exception of cloud-based apps, which are not supported on Mac).

Internet Explorer; Internet Explorer 10, 11 (store app); Opera Internet Browser; Safari Web Browser; Torch Browser

CD Burners: Acoustica MP3 CD Burner; Alcohol 120%; Alcohol Launcher; CD Mate; Disk Utility; Nero Burning ROM; Roxio Creator Classic; iTunes

Cloud Storage: Amazon Cloud Drive; Box (Box.com); Box (store app); Dropbox; Dropbox (store app); Google Drive; SkyDrive; SkyDrive (store app)*

Email: Apple; Eudora Light; Eudora Pro; Lotus Notes; MailMate; Microsoft Outlook 2003, 2007, 2010, 2013; Microsoft Outlook Mobile Manager 2003, 2007, 2010; Mozilla Thunderbird; Outlook Express; Pegasus Mail for Windows; Pegasus Mail WSENDTO Utility; Postbox; Sparrow; Windows Mail

Encryption Software: DK2 Network Server Remote Monito - DK2DESkey; File Encryption XP; Windows Privacy Tray (WinPT)

FTP: Core FTP App; CuteFTP; FileZilla FTP Client; FlashFXP; FTP Voyager; LeechFTP; Serv-U File Server EXE; Serv-U File Server Tray Application; Serv-U FTP Server Setup Utility; SmartFTP Client; WS FTP Pro Application; WS FTP Professional

IM: Adium; AOL Instant Messenger; Camfrog; Google Talk; iChat; ICQ (store app); ICQ Library; ICQLite; Jabber Messenger

r2007, 2010; Microsoft Lync 2007, 2010, 2013; MXit PC e (store app); Trillian; Viber; Windows rModule; Yahoo! Messenger

Office Applications: Adobe Reader 8.1; Bean; Eclipse; Emacs

**

/Apache OpenOffice; Mellel; Microsoft Access 2003, 2007, 2010, 2013; Microsoft Excel 2003, 2007, 2010, 2013; Microsoft InfoPath 2007, 2010; Microsoft OneNote 2003, 2007, 2010, 2013; Microsoft PowerPoint 2003, 2007, 2010, 2013; Microsoft Project 2003, 2007, 2010; Microsoft Publisher 2003, 2007, 2010, 2013; Microsoft Visio 2003, 2007, 2010; Microsoft Word 2003, 2007, 2010, 2013; Notepad; Numbers; OpenOffice.org Suite

eClinicalWorks; ECLIPSYS; INGENIX; inteGreat; Sequel

P2P: Ares p2p; eMule - eMule; FrostWire; Kazaa download/database viewer a - KDat; Kazaa QuickLinks Handler/Generat - KSig; klrun: protocol - Kazaa

kaging Software: 7-Zip File Manager; iArchiver; WinRAR archiver; WinZip

thStack COM Server; ftReader (store app); Wireless Link File Transfer App - Irftp; Zune Music (store app); Zune Videos (store

uite; Oracle CRM on demand; outlook.com; RightNow; Salesforce; WorkDay

MSTSC; NT Backup Tool; Vista Backup Tool; VMWare

* Requires adding the applications runtimebroker.exe, bulkoperationhost.exe, and filemanager.exe to the FTP application group. See the section on importing Windows Desktop Applications for instructions.
** File Access only. The Copy, Cut, and Paste operations are not supported.
*** The cut, copy, paste, file access, and download operations are not supported for cloud apps on Windows endpoints when they are used through a Windows Store browser.

You can also configure Data Security to block and/or audit screen captures when a specific endpoint application is running. Navigate to the Resources > Endpoint Applications page and click on the application name to enable this feature. This feature is only supported on Windows operating systems.

Importing other applications

If you want to monitor an endpoint application other than the ones supplied by Websense, follow the instructions below. The instructions vary depending on the operating system, as well as the type of application.

Windows Desktop Applications
Windows Store apps
Mac Applications

Windows Desktop Applications

The following applies to Windows applications prior to Windows 8, as well as Windows 8 desktop applications. For instructions on how to monitor Windows Store applications, see the section below, Windows Store apps.

There are 2 ways to import applications onto the Data Security server for Windows desktop applications:

1. Selecting Main > Resources > Applications > New > Application/Online Application. See Endpoint Applications.

When you add applications using this screen, they are identified by their executable name. Occasionally, users try to get around being monitored by changing the executable name. For example, if you're monitoring "winword.exe" on users' endpoint devices, they may rename the executable to a different name to avoid being monitored.

2. Using an external utility program, DSSRegApps.exe. This method records the application's metadata, so that Websense Data Security can analyze the metadata. In other words, if the name of the application is modified by an end user, Websense Data Endpoint can still identify the application and apply policies.

Note
This tool can be copied to any other machine and be executed on it as long as it has connectivity to the Data Security Management Server.

To use the external tool to import applications in the Data Security server:

1. Go to the [%DSS Home%] directory (Default: C:\Program Files\Websense\Data Security Suite) and double-click DSSRegApps.exe. The Get File Properties screen is displayed.
2. Complete the following fields:

   Field: Description
   IP Address/Hostname: Insert the IP Address or Hostname of the Data Security Server.
   User Name: Provide the user name used to access the Data Security Server. This is the user name assigned to administrators that have relevant permissions.
   Password: Enter the Password used to access the Data Security Server. This is the password assigned to administrators with relevant permissions.
   File Name: Insert the File Name of the application, e.g. Excel.exe, OR click the Browse button and, in the Open dialog box, navigate to the File Name of the application and double-click it.
   Display Name: Enter the name of the application as you want it displayed in the Data Security Management Server.

3. Click OK.

A message will appear indicating that the application was successfully registered with the Data Security Server. The Get File Properties screen will be re-displayed with the Data Security Server fields completed, but the File Name and Display Name empty. This allows you to select additional applications to register with the Data Security Server. Continue this process until all applications are registered. When you are finished adding applications, click the Cancel button in the Get File Properties screen.
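Why identification by metadata survives a rename while identification by executable name does not, shown as an added example that is not Websense code. The page does not say which metadata fields DSSRegApps.exe records, so this sketch assumes the Windows version resource (OriginalFilename, ProductName, CompanyName); Find-RenamedExecutable is a hypothetical helper name.

```powershell
# Added example. Assumption: the version resource stands in for the "metadata"
# the page mentions; Find-RenamedExecutable is a hypothetical helper name.
# Requires PowerShell 3.0 or later.
function Find-RenamedExecutable {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )

    $files = Get-ChildItem -Path $Path -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        $info     = $file.VersionInfo
        $original = $info.OriginalFilename

        # No version resource means there is nothing to compare against.
        if ([string]::IsNullOrWhiteSpace($original)) { continue }

        # Localised system binaries often report "name.exe.mui"; drop that
        # suffix, then compare base names (-ne is case-insensitive).
        $expected = [IO.Path]::GetFileNameWithoutExtension(($original -replace '\.mui$', ''))
        if ($expected -ne $file.BaseName) {
            [pscustomobject]@{
                Path             = $file.FullName
                OnDiskName       = $file.Name
                OriginalFilename = $original
                Product          = $info.ProductName
                Company          = $info.CompanyName
            }
        }
    }
}

# Example run over locations where users typically keep copied executables.
Find-RenamedExecutable -Path "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads" |
    Format-Table -AutoSize
```

A mismatch is a lead for review rather than proof of evasion, since installers and repackaged tools often carry a different original file name legitimately.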

Windows Store apps

The following instructions do not apply to Windows 8/8.1 desktop applications. For instructions on how to monitor Windows 8/8.1 desktop applications, see the section above, Windows Desktop Applications.

Note
In order to monitor file access on Windows 8 Store apps, you must first add RuntimeBroker.exe as an endpoint application, and monitor file access on this application. For Windows 8.1 store apps, you must also add BulkOperationHost.exe and FileManager.exe. The endpoint monitors all Windows Store apps accessing files through the runtime broker and not just the designated app. RuntimeBroker.exe is a Windows desktop application, so follow the instructions in Windows Desktop Applications to add this as an endpoint application.

To import Windows 8 Store apps, select Main > Resources > Applications > New > Application. See Endpoint Applications.

Windows 8 Store applications are identified by their application name. You should use this name in the "executable name" field on this screen. Wildcards are supported.

To identify the application name:

1. Open PowerShell (run as administrator if you want to collect Windows 8 Store apps for all users, or run as the current user if you want to collect apps for the current user).
2. Run the command "Get-AppXpackage -Allusers" to list apps for all users (requires you to run PowerShell as administrator),
   or
   run the command "Get-AppXpackage" to list apps for the current user.
3. Find the application name located in either the Name field or PackageFullName field.
   a. When entering the value from the Name field into Data Security, you must add the wildcard "*" after the application name (e.g. microsoft.microsoftskydrive*). This method allows for greater flexibility when the app version changes.
   b. When entering the value from the PackageFullName field into Data Security, no wildcard is necessary, but you will need to update the value if the app version changes.

Mac Applications

To import Mac applications, select Main > Resources > Applications > New > Application. See Endpoint Applications.

To find the value to enter for Mac applications:

1. Locate the application you want to monitor.
2. Right-click on the application and click Show Package Contents.
3. Open the file info.plist in the Contents folder.
4. Look for the key(s) CFBundleName and enter the value of the string(s) under it (e.g. for "<string>Example</string>" enter "Example").
5. If there is no key by that name, or no info.plist file, use the process(es) name(s).

If there are multiple CFBundleName keys and/or multiple string entries below the key(s), each string value must be added separately.

Very rarely, apps will launch other processes along with the main application. These processes should be added as endpoint applications as well. To know which processes belong to an app, you need to see which processes are created when the application is opened, for example by using Activity Monitor.
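For the Windows Store apps procedure above (steps 1 to 3), an added PowerShell example that is not from the Websense documentation: it lists each package with the two values the procedure accepts and shows which other installed packages the Name-plus-wildcard entry would also cover. It assumes the entry is compared against PackageFullName with glob-style matching, which the page implies but does not state.

```powershell
# Added example. Run elevated and add -AllUsers to cover every user profile.
# Requires PowerShell 3.0 or later.
$packages = @(Get-AppxPackage)

$packages | Sort-Object Name | ForEach-Object {
    $current  = $_
    # Lower-cased only to mirror the page's example (microsoft.microsoftskydrive*).
    $wildcard = $current.Name.ToLower() + '*'

    # Other packages whose full name starts with the same prefix would be
    # covered by the wildcard entry too (assumed glob-style matching).
    $overlap = @($packages | Where-Object {
        $_.PackageFullName -like $wildcard -and $_.Name -ne $current.Name
    })

    [pscustomobject]@{
        WildcardEntry = $wildcard                  # step 3a: Name plus "*"
        ExactEntry    = $current.PackageFullName   # step 3b: update when the version changes
        AlsoCovers    = ($overlap.Name | Sort-Object -Unique) -join ', '
    }
} | Format-List
```

A non-empty AlsoCovers value means the wildcard entry is broader than the one app intended, in which case the PackageFullName entry is the narrower choice.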
