Deny Zoom Application

With your monitoring policies properly set up, anything you do on your Mac test machine will be discovered by Privilege Manager. For this example we will create a policy that blocks the Zoom application.

File Inventory

Open the Zoom application on a macOS test workstation. When the application is opened, Privilege Manager discovers it as an Application Action from Event Discovery Testing Computers Audit Policy (macOS).

  1. In the Privilege ManagerConsole, navigate to File Inventory.

  2. Verify new items have been registered by your Event Discovery Testing Computers (macOS) policy. These may be listed as New Loaded Resources.

    file inventory

  3. Select a New Loaded Resource link.

  4. On the loaded Resource Explorer page, click Discover Now. It still may take time to properly load details about these new events, usually indicated by a Discovery Status of New.

    Status

    Clicking Discover Now creates and executes a Manual client-side resource discovery task. If you click the status link the task page opens (not shown in this example sequence).

    On the Resource Explorer page of a fully discovered resource, you can click Manage Application to select the option you want to use, which is to either

    • create a filter, or
    • create and add to a policy.

    manage app

When a resource is fully discovered it is displayed with full name on the discovery events page:

Policy Activities

From the File Inventory page you can also use the View File or Create Filter options to create specific filters for the discovered applications and assign those to existing policies.

file inventory

Assign to Policy

Once the resources have been fully discovered, the fastest way to either create a new policy or add to an existing one is via the Assign to Policy link on the Events page.

  1. Click Create Filter.

  2. The Manage Application page opens for the selected resource.

    Resource Explorer

  3. Click Create and Add To Policy.

    Add to Policy Button

  4. On the Manage Application page select your existing deny application execution policy from the drop-down and click Update Policy.

    Policy

  5. Set the Inactive switch to Active.

Updating the Workstation

On the macOS workstation:

  1. Open System Preferences | Privilege Manager.

    update client items

  2. Click Update Client Items.

Policy Verification

Once this Deny policy is updated on your workstation, when you click Zoom, you will see a message like this:

Application denied message