DLL blocking
A DLL is blocked at the moment an executable tries to load it. For example, if the DLL "fonts.dll" is blocked and the executable "notepad++.exe" tries to load it in any routine, such as creating a document, the load is detected after the validation process. If the DLL is not allowed, the executable is closed, which prevents the DLL from loading.
Trusted directories
It is possible to create trusted directories that ensure that any file in the allowed path can be executed. To add new trusted directories, go to Go Endpoint Manager → Settings → Parameters → go
In the configuration:
- Enable DLL analysis?: mark as Yes
- Click New Trusted Directory to add
- Fill in the Directory path
How to register an untrusted DLL
Go to Go Endpoint Manager → Settings → Access Lists
- Click on the Actions menu
- Choose the option New General Segregation
- Choose the Applications category
- Fill in the following information on the General List screen:
  - Name*: Define a name to identify the access list;
  - Action*: Mark as Denylist to block a DLL. If an application is executed outside of senhasegura.go, it is blocked if it is on the denylist. If it is on neither the allowlist nor the denylist, it is executed normally;
  - Status*: Set to Active/Inactive;
  - Record the session of these apps*: Set to Active/Inactive;
  - Criteria: Select the criterion to match on: the directory, the name, the file version, the product version, the manufacturer, or the hash;
  - Rule: Fill in the rule with the full path of the DLL.
- After adding the criteria and rule, click on Save
For example, with the directory criterion: the DLLs that a program uses are located in the folder where they are installed, so it is necessary to check which folder the DLL is in and get its full path.
Blocking DLLs should be done with caution. If a system DLL is blocked, the functioning of the system may be affected.
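To collect the values that the criteria above expect, the following PowerShell function lists the DLLs loaded by a running process with their full path, versions, manufacturer and hash, and flags those under the Windows directory. It is an added example, not part of the product or its documentation; the function name is hypothetical, the process name is a sample, and SHA256 is an assumed hash algorithm.

```powershell
# Added example: list the DLLs a running process has loaded, with the values
# that map to the Access List criteria (directory, name, file version,
# product version, manufacturer, hash).
# Assumptions: Get-LoadedDllCriteria is a hypothetical helper name, the
# process name at the bottom is a sample, and SHA256 is an assumed hash
# algorithm (confirm which one the product expects).
function Get-LoadedDllCriteria {
    param(
        [Parameter(Mandatory)][string]$ProcessName,
        [string]$Algorithm = 'SHA256'
    )
    $winDir = $env:windir
    Get-Process -Name $ProcessName -ErrorAction Stop |
        ForEach-Object { $_.Modules } |
        Where-Object { $_.FileName -like '*.dll' } |
        Sort-Object FileName -Unique |
        ForEach-Object {
            $info = $_.FileVersionInfo
            # Hash is left empty if the file cannot be read.
            $hash = (Get-FileHash -LiteralPath $_.FileName -Algorithm $Algorithm `
                        -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{
                Name           = [IO.Path]::GetFileName($_.FileName)
                Directory      = [IO.Path]::GetDirectoryName($_.FileName)
                FullPath       = $_.FileName
                FileVersion    = $info.FileVersion
                ProductVersion = $info.ProductVersion
                Manufacturer   = $info.CompanyName
                Hash           = $hash
                # DLLs under the Windows directory are system components;
                # blocking one of these can affect the whole system.
                SystemDll      = $_.FileName.StartsWith(
                    $winDir, [StringComparison]::OrdinalIgnoreCase)
            }
        }
}

# Sample call: the application must be running when this is executed.
Get-LoadedDllCriteria -ProcessName 'notepad++' |
    Sort-Object SystemDll, Directory, Name |
    Format-Table Name, Directory, FileVersion, Manufacturer, SystemDll -AutoSize
```

Run it in a session that has permission to read the target process; rows with SystemDll set to True are the ones to leave out of a denylist rule.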