Configure application behavior recording

Start a behavior recording to find out how an application behaves.

Make sure that the application has been whitelisted.

Once you have saved the behavior recording, you can then use it to generate application permissions that are restricted to precisely the learned behavior. This way, only the behavior that is actually needed will be allowed, everything else will be blocked.

Please do the following:

1. Open the Operating node in the DriveLock Management Console and select Agent remote control.
2. Double-click the relevant agent to display its properties.
3. Select the Start... button on the Application Control tab in the Application behavior recording section.
4. Add directories or programs whose behavior you want to record.

5. Select which kind of accesses you want to record, see example.

   

6. If you want to delete a recording that already exists, select the checkbox.
7. It is recommended to limit the recording to a certain period of time. You can enter a maximum of 10 days here, but we recommend a much shorter period.

8. Once you have tested the application, for example on a reference computer, for a certain period of time and collected a sufficient amount of data, click Download... to download the behavior recording in a JSON file and evaluate the results.

   

9. You can now use this results file in an application behavior rule.