Catch-All Policy

A useful Learning Mode Policy to set up in Production environments is called a Catch-All Policy. This type of policy will gather information on any executables in your environment that are not satisfied by other Privilege Manager policies.

Catch-all monitor policies of this type SHOULD NOT be used for the Windows or macOS Computer Groups. Those groups apply to ALL computers in the environment, and unless a monitor policy like this is set up to work with really good allow policies in front of it, a lot of events will be sent.

  1. Under the Computer Group for which you want to monitor all activities, select Application Policies and click Create Policy.

  2. From the Policy Wizard, select Monitoring and click Next Step.

  3. Select Everything and click Next Step.

  4. Enter a name, for example Catch-all Monitor Policy.

  5. Click Create Policy.

  6. Customize the policy's Conditions, Actions, and Policy Enforcement, for example:

    • Under Applications Targeted, click Add Application Target and search for and add Interactive Users.

    • Under Exclusions, click Edit and add LocalSystem and Service applications to the exclusion list.

    • Under Show Advanced | Policy Enforcement, set the switch for Stage 2 Processing to active and all others to inactive.

  7. Click Save Changes.

  8. Set the Inactive switch to Active.