Bit9 Stops Malware with Whitelist

Notice in the upper right screen the “warnings” section. During initial use of the product, this is where I spent most of my time, clicking on the “malicious” and “potential risk” counters to immediately evaluate files and take countermeasures where indicated. IT managers who are installing Bit9’s Parity on an existing fleet of systems and servers will spend a lot of time here getting a handle on the installed software in the environment.

I inventoried a Windows desktop and laptop system that had been used in production for two years. Along with my lab test systems, Parity found 17,943 items of interest installed in my environment. The product would be useless without the extensive library of files that Bit9 has evaluated and assigned a threat assessment value.

The Parity agent tracks new files and reports both the quantity (shown here in this trend report) and details (some shown on the next slide). Over time, I would expect this trend to stabilize at some low number. An upward spike in the graph should be a signal for IT pros to pay closer attention to what’s happening in the end-user environment. And for more fine-grained control

Computers installing files in the last 24 hours can be tracked using one of several canned reports included with Parity. There is a great deal of report flexibility, and IT managers will be able to get information about attempted installations, blocked applications and other anomalous application behavior.

Here’s what the end user sees on a Windows XP client in lockdown mode when trying to install unapproved software. Most elements in this warning screen can be customized, including the logo and warning message. This is a block screen. Had Parity been running in block and ask mode, there would have been an “allow” button on the lower right side.

Managed computers can be grouped together for greater ease of management. I like Bit9’s design philosophy-

Diving into the weeds on an individual system is easy enough, and I got plenty of detail on what was happening on my managed systems.

In addition to trusted directories, users and publishers, Parity is able to trust self-updating software such as anti-virus applications, thus cutting down on false-positive blocks of approved software activity.