Vaughan Harper's blog IBM Privilege Manager IBM Policy Manager – implementing file blocking on Mac OS/X
IBM Policy Manager – implementing file blocking on Mac OS/X

IBM Privilege Manager

IBM Policy Manager – implementing file blocking on Mac OS/X

I’ve recently started working with IBM Privilege Manager (from Thycotic), which enables organisations to remove local administrative¬†rights from endpoints, or ‘implement Least Privilege and Application Control. Among other things you can specify the name of an executable file which you want blocked. (In fact you specify the file attributes in a ‘Filter’, then you specify a ‘Policy’ which defined what action should take place when there is a match with with the file specified in the Filter.)

It works on Windows and Mac OS/X. But when I tried blocking a particular file on OS/X I kept getting a message in the log which said ‘No policies apply’ followed by the name of the file in question. The answer? I eventually found that the policy definition includes an attribute called ‘Applies to all processes’. According to the help text it ‘Determines whether or not the policy applies to just interactive user processes or all processes including System based processes’. The file that I was trying to block was actually a consequence of a System based process, so when I set this attribute it happily blocked the file in question.

Vaughan

Written by Vaughan

Leave a Reply

Your email address will not be published. Required fields are marked *