If you need to block all applications that contain a specific term, such as “app”, in their name, using wildcards such as *, the process can be configured through block lists and allow lists for privilege elevation.
Steps to Configure Application Blocking:
- Configuring Default Blocking on the System:
- First, you need to configure a block setting that prevents privilege elevation for all applications in the system. You can find details on how to implement this configuration in the official senhasegura documentation: Privilege Elevation Blocking.
- Allow List Configuration with Regex:
-
After establishing the block list, create an allow list. In this list, use regular expressions (Regex) to specify exceptions. To allow privilege elevation for applications that contain “app” in their name, use the following Regex expression: ‘.app.’
-
This configuration will ensure that any application whose name includes “app” can receive privilege elevation, while others remain blocked from this action.
Additional Considerations:
-
Applications Not Requiring Elevation: It is important to note that applications that do not require privilege elevation to function will continue to be accessible normally. The block only applies to privilege elevation.
-
Testing and Validation: After configuring the block and allow lists, it is recommended to perform tests to ensure that the policies are being applied correctly and that there is no negative impact on operational functionality. - Ongoing Review: Lists should be reviewed and updated periodically to adapt to new security needs and changes in the IT environment.
By following these steps, you can efficiently manage which applications can and cannot receive elevation of privileges within your organization, increasing security and reducing potential vulnerabilities.