Anti-Executable Dashboard

The Anti-Executable Dashboard provides a dynamic view of the Anti-Executable activity across all computers. Anti-Executable actions can be performed directly from the dashboard.

Go to Home > Anti-Executable to launch the Anti-Executable dashboard.

 

Overview

The following dynamic widgets are available:

•	Protection Status - shows the number and % of computers where Anti-Executable is Enabled vs Disabled.

•	Violations Status - shows the breakdown of violations count based on different violation types.

•	Violations by Policies - shows the number and % of violations by policy name.

•	Violations by Groups - shows the number and % of violations by group name.

•	Violation History - shows the detailed violation history with the Time Stamp, File Name, Computer, Policy, Group, Violation Type and Status.

•	Daily Violation - shows a graph of number of violations by date.

•	Violations Trend - Weekdays - shows a graph of number of violations by weekday.

•	Most Blocked Programs - shows a graph of the most blocked program with the number of violations.

•	Computers with Most Violations - shows a graph of computers with the most number of violations.

 

Action Panes:

The following action panes are also available:

File Events Pane

File Events pane captures and summarizes Anti-Executable events in the context of a file. Files that need to be reviewed by the administrator are in bold. The table has the following fields:

 

Event Type	Name	Details	Product Name	Count	On Computers	In Policy	Groups	Action	Action Taken

Events: The following Event types are shown:

•	Unknown File Allowed - a file that is not defined in Policy Control List or Local Control List, but is allowed to execute in Audit mode or Unknown File is set to Allow in Policy Settings.

•	Unknown File Blocked - a file that is not defined in Policy Control List or Local Control List, or Unknown File is set to Block in Policy Settings.

•	Block Override - a file that is defined as Blocked in Policy Control List but is allowed to run since Anti-Executable is running in Audit mode with Policy Control List settings not enforced.

•	Control List Blocked - this event is logged when a file that is specified as Blocked in Policy Control List or Local Control List tries to execute and is blocked by Anti-Executable.

•	Add - Maintenance Mode - this event is logged when a new file is added on a computer and it is not defined or present in Local Control List or Policy Control List.

•	Add - AE Admin - An unknown file that gets blocked but an AE Admin chooses to add it to local client side file exceptions.

 

 

Actions: Allow and Block actions have the following options:

•	In All Policy Control List - This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

•	In Reported Policy Control List - This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

 

Computer Events Pane

Computer events pane summarizes Anti-Executable events keeping a specific computer in context. Computers that need to be reviewed by the administrator are in bold. The table has the following fields:

 

Event Type	Computer Name	Count	Last Reported	In Policy	Tags	Group	Action	Action Taken

 

Events: The following Event types are shown:

•	Anti-Executable protection disabled over 12 hours

•	Anti-Executable protection disabled over 6 hrs but less than 12

•	Anti-Executable computer in maintenance mode for over 6 hours

•	Anti-Executable computer in maintenance mode for over 3 hrs but less than 6

•	Computers with violations (highest count will show up first in the grid)

•	Computers with new files added in Maintenance (highest count files show up first)

 

Actions: Select one or more events and click Enable Protection.

 

 

Policy Stats Pane

Policy Stats pane shows the status of each Anti-Executable policy. It clearly shows the deployment type for the Anti-Executable policy and other policy related information . The edit option allows administrators to change the Deployment type or change the Stage in the 3 stage deployment. The table has the following fields:

 

Policy Name	Deployment Type	Computers	Unknown Files	Files in Control List	Unknown Files violations in the last 14 days	Policy Deployment Completion

Actions: Click Edit in the Policy Deployment Complement column and change the Deployment Type if required.

 

 

Client Event Logs

Client Event Logs tab shows events occurring on the Anti-Executable client and reported to Deep Freeze Cloud by all computers where it is installed. This log will be a combination of all Anti-Executable events reported and displayed in order of the time the event occurred on the computer. The table has the following fields:

 

Time Stamp	Computer Name	Event Description	Policy	Group	Tags	User Name	File Name	File Path	Set Authorization	Action Taken

Events: The following Event types are shown:

•	File Violations - Unknown Allowed, Unknown Blocked,Control List Blocked,Block Override

•	Folder Violations

•	Maintenance Start/End

•	Protection Enabled/Disabled

•	File Added to Local Control List - AE Admin

•	File Added in Maintenance mode

 

Actions: Select one or more entries and click Allow or Block. Allow and Block actions have the following options:

•	In All Policy Control List - This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

•	In Reported Policy Control List - This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

•	In Reported Computer’s Local Control List - This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

 

Client Side File Exception

Client Side File Exception tab is a collection of all file exceptions added across all Anti-Executable computers that include the following situations:

•	Local Control List in maintenance mode

•	Files Added to Local Control List by Anti-Executable Administrator

•	Files added to only Local Control List

The table has the following fields:

 

Computer Name

File Name

File Path

File Version

Set Authorization

Trusted

Publisher

Policy

Group

Product Name

Comment

Time Stamp

Added By

Actions: Select one or more entries and click Allow or Block. Allow and Block actions have the following options:

•	In All Policy Control List - This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

•	In Reported Policy Control List - This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

•	In Reported Computer’s Local Control List - This option Allows or Blocks the file in Policy Control Lists where the file has been reported as a violation.

 

Local Control List Tab

Local Control List tab provides a dynamic table showing the Local Control List with all files for each computer managed by Anti-Executable. Select or search for the computer in the View Local Control List of Computer field. Select a computer to retrieve its Local Control List. A task is initiated and the Local Control List will be retrieved within10 minutes.

The table has the following fields:

 

File Name	File Path	File Version	Set Authorization	Trusted	Publisher	File Hash	Product Name	Comment	Time Added	Added By

Actions: Select one or more entries and click Allow or Block. Allow and Block actions have the following options:

•	In All Policy Control List - This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

•	In Policy Control List - This option Allows or Blocks the file in Policy Control List selected from the list.

 

Central List

Central List tab provides a dynamic table which is an aggregation of all files reported across all Local Control Lists. Actions can be performed directly from the Central List tab. The table has the following fields:

 

File Name	File Version	Publisher Name	Hash	Product Name	Comment	Date

Actions: Select one or more entries and click Allow or Block. Allow and Block actions have the following options:

•	In All Policy Control List - This option Allows or Blocks the file in all Policy Control Lists in all policies where this file exists.

•	In Policy Control List - This option Allows or Blocks the file in Policy Control List selected from the list.