Support Center > Search Results > SecureKnowledge Details
How to enable "termination on execution" feature of Firewall and Application Control blade Technical Level
Solution

If required, the  Firewall and Application Control blade is able to terminate undesired applications at the very beginning of application start. All applications that were added to the "Termination" policy will not be allowed to start.

This feature is disabled by default.

How to enable?
Perform the following steps on all Endpoint Security Clients, according to relevant case:

Server Version >=R81 And Client version >=E84.20

Feature can be set up via policy in Smart-Endpoint application



Note: On client versions E84.20 and E84.30, client reboot is required after policy installation !


Server Version < R81 Or Client version < E84.20

Option 1: Perform the following steps on all Endpoint Security Clients

  1. Boot in Safe Mode without networking.
  2. Open regedit and find reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant\Parameters
  3. Create DWORD value AC_TermOnExecution with value "1".
  4. Reboot to Normal Mode.

Option 2: Perform the following steps in SmartEndpoint:

  1. In a compliance policy, open "Required Applications and Files Compliance Settings" action.
  2. Click "Create Rule" button. In a created new rule, right-click on an empty Name cell and click "Edit...". Enter "Enable AC_TermOnExecution" rule name.
  3. Right-click on a "Checks" cell. in a context menu, select "New...", and select "Registry Entity Check":

  4. In the "Name" field, enter "Check AC_TermOnExecution".

  5. Select "Check Registry" checkbox. Select "Registry key and value exist" option.

  6. In the "Registry Value Name" field, enter:

    UPDATE REG_DWORD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant\Parameters\AC_TermOnExecution

  7. In the "Registry Value Data" field, enter "1".

  8. Uncheck "Check File" checkbox:

  9. Click "OK".

  10. Save and install policy.

Once the rule is enforced on a target PC, the "terminate on execution" feature will be enabled in the next OS boot.

 

Related Solution: sk132932 - How to modify registry entry or replace/install file on Endpoint Security Client using Compliance Blade.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment