Straightforward Settings

By Matthew Sarrel  |  Posted 2010-04-23 Print this article Print


Straightforward Settings

Settings for Anti-Executable are pretty straightforward. Protection can be enabled (active whitelist), disabled (totally unprotected) or in maintenance mode (new executable files are automatically whitelisted when enabled). Other settings are whether to show a tray icon, to disable mouse and keyboard, and to shut down or restart the workstation. The degree to which the user can be involved can be controlled: Is there a splash screen or not? Are pop-up notifications of blocked applications on or off? Alerts are customizable by whitelist or blacklist, as is an image, such as a logo or a photo of you holding a sledgehammer accompanied by an explanation of why what the user is doing is wrong.

If the tray icon is shown, there is a key combination to enable the interface (left-shift, left-click) followed by an administrative login that requires a strong password. Administrative rights are required for administrators and trusted users. The former can make lasting changes, and the latter can make temporary exceptions. Those without credentials will have their applications blocked.

Reporting is bare bones. In essence, each workstation agent writes a log of basic information and those are combined into a single report. This is very basic stuff, like time, machine name, user account, event and description. It would not be fun to scan through thousands of lines of this stuff every day looking for anomalies. I could easily export reports and import them into another app for better reporting. The bulk of my time with Faronics Anti-Executable was spent building and maintaining whitelists-as it is with all whitelisting products. Building whitelist maintenance into your patching process is important, so it's best to set aside a workstation (or virtual machine) on which to apply patches, and then build and test whitelists before deployment. I found it best to actively maintain the whitelist on one machine and push that whitelist to the others through the management console. I could not see how this could be automated. I had to do this by saving whitelists (AEWL files) from the first machine and then manually applying them to the other workstations.

This proved to be an extremely effective method of preventing the installation of malware. I could download any piece of test malware I wanted (demonstrating that whitelisting should be part of a more comprehensive endpoint security policy), and Anti-Executable stopped it from running. And software configurations are locked. It's not the easiest software in the world to manage, and I suspect the problems will be worse in larger organizations, but the client agent does what it is supposed to do.


Matthew Sarrel Matthew D. Sarrel, CISSP, is a network security,product development, and technical marketingconsultant based in New York City. He is also a gamereviewer and technical writer. To read his opinions on games please browse and for more general information on Matt, please see

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel