Anti-Executable Editions

Faronics Anti-Executable has four different editions available. Whether you have servers or workstations, working standalone or as part of a network, Anti-Executable will provide you with the protection that you need. Choose the Anti-Executable edition that bests suits your needs: Edition Standard Server Standard Enterprise Server Enterprise Use Anti-Executable to protect Local computers loaded with non-server operating system Local computers loaded with server operating systems Remote computers loaded with non-server operating system* Remote computers loaded with server operating systems*
*Enterprise versions allow to protect multiple computers from a central console called Faronics Core Console.
About Faronics Core Console
Faronics Core Console is a lightweight, high performance, secure, easy-to-learn, and integrated framework for the management of multiple Faronics products. It provides a consistent and reliable method of displaying, managing, installing, updating, and protecting workstations and servers from a single console, allowing your organization to increase efficiency with a complete management solution for Faronics products. Enterprise Versions of Anti-Executable allow you to protect multiple workstations via Faronics Core Console.

System Requirements

Console Requirements
Information on Faronics Core Console system requirements can be found in the Faronics Core Console users guide.

Workstation Requirements

Anti-Executable can be installed on the following operating systems: 32-bit edition of Windows XP SP3 and 64-bit edition of Windows XP SP2. 32- and 64-bit editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 (64-bit only), Windows Vista, and Windows 7.
Anti-Executable Licensing
Anti-Executable is available in both Full and Evaluation versions. An Evaluation version can be downloaded for free from Faronics' web site (www.faronics.com) and it will be fully operational for 30 days after installation. An expired Evaluation version will not protect the machine and must be uninstalled or upgraded to a Full Version. A Full version requires a valid License Key in order to protect the machine. Anti-Executable Licensing works as follows: The Core Server (a component of Faronics Core) automatically pushes the License Key to the workstations where Anti-Executable Client is installed (if the computers are offline, the License Key is applied once the computers are back online). The License Key cannot be manually edited at the workstation.
If the Faronics Anti-Executable License Key was entered while installing the Loadin, it is not necessary to enter it again in the Properties tab.
Server editions of Anti-Executable cannot be installed on a non-Server Operating System. License Keys for Server editions of Anti-Executable cannot be used on non-Server editions. Non-Server editions of Anti-Executable cannot be installed on a Server Operating System. License Keys for Non-Server editions of Anti-Executable cannot be used on Server editions.

Installing Anti-Executable on a Workstation Manually
Before installing Anti-Executable on a workstation, copy appropriate.msi file from the path C:\Program Files\Faronics\Faronics Core 3\Loadins\Anti-Executable\Workstation Installers on the computer where the Anti-Executable Loadin is installed to one or more workstations. To install Anti-Executable manually on a workstation after copying the file, complete the following steps: 1. Double-click the.msi file to begin the installation process. Click Next to continue.
3. Enter the User Name and Organization. If Use Evaluation is selected, Anti-Executable is installed as an Evaluation version and is valid for 30 days. An Evaluation version can be converted to a Full shipping version at any time by entering a License Key. Click Next to continue.
4. Specify the install location. The default is C:\Program Files\Faronics\AE. Click Next to continue.
5. This step is optional. Specify the Anti-Executable Administrator and Trusted User passwords. These passwords can also be set in the Anti-Executable Users tab following installation. Click Next to continue.
6. The Automatic Scanning dialog is displayed. Select the check box if you want Anti-Executable to automatically scan all non-removable drives on the computer and create a White List. Select one of the following displayed options: Add files fingerprint to the White List - to add the files unique identifier the White List. All files whose fingerprint is added to the White List will be allowed to run. Add the files publisher to the White List if the file is digitally signed - to add the files publisher to the White List. All files digitally signed by the publisher in the White List will be allowed to run. Add the files publisher to the White List if the file is digitally signed. Otherwise, add the files fingerprint - to add the files publisher if the file is digitally signed, or add the files fingerprint if it is not digitally signed. Include DLL files when scanning - to include DLL (Dynamic Link Library) files while scanning. Click Install to install Anti-Executable. Anti-Executable is installed and the White List is activated.
7. Click Finish to complete the installation.
8. Following a successful installation a restart is required. Click Yes to restart immediately or No to restart later.
An immediate restart is recommended following installation. If the Enable check box is selected in the Automatic Scanning and White List Creation dialog, Protection is enabled and there is an Active White List when the computer restarts. If the Enable check box is not selected in the Automatic Scanning and White List Creation dialog, Protection is disabled and there is no Active White List when the computer restarts.

Accessing Anti-Executable
Overview Accessing Anti-Executable via Faronics Core Console Accessing Anti-Executable Enterprise on a Workstation

Overview

Anti-Executable Enterprise can be accessed through Faronics Core Console or directly from the workstation where it is deployed. The account used by Faronics Core Console to communicate with a workstation must be a Windows administrator account that is valid on that workstation. Communication from Faronics Core Console to the workstation occurs under the context of that account. This account becomes the first Anti-Executable Administrator following installation from Faronics Core Console. Additional Anti-Executable Administrators allowed to access Faronics Core Console must be added to the workstations Anti-Executable users list to manage one or more workstations. If the account used to communicate with a workstation through Faronics Core Console is changed, ensure the new account has Anti-Executable Administrator or Trusted User rights on the workstation.
Accessing Anti-Executable via Faronics Core Console
Anti-Executable can be accessed through Faronics Core Console by selecting one or more workstation(s) from the Workstations list in Faronics Core Console and opening the Actions pane > Configure Anti-Executable, or right-clicking on a workstation from the list and selecting Configure Anti-Executable. Multiple workstations can be selected at one time. Hold down the Shift key to select a contiguous range of workstations or CTRL to select any number of non-contiguous workstations. Changes made will be applied to all selected workstations. Workstation status can only be retrieved on an individual basis.
Anti-Executable Columns in Faronics Core Console
The following columns related to Anti-Executable are displayed in the Results pane: Stealth This column specifies if Anti-Executable is running in Stealth Mode. Protection This column specifies one of the following values: Enable When set to Enable, it indicates that Anti-Executable is protecting a workstation with an Active White List. Disable When set to Disable, any executable can be launched on the workstation. Maintenance Mode When in Maintenance Mode, new executable files added or modified are automatically added to the Active White List when Enable is selected. If Disable is selected, the changes are not recorded by Anti-Executable. Temporary Execution Mode When set to Temporary Execution Mode, any executable can be launched on the workstation. Version This column specifies the Anti-Executable version. Logging This column specifies if the Log to Event Viewer option has been enabled or disabled. License Type This column specifies if this is an Evaluation or a Full version. Mouse/Keyboard This column specifies if the mouse and keyboard of one or more selected workstations are enabled or disabled.

For information on the other columns in the Workstation list, refer to Faronics Core Console documentation.
Executing Anti-Executable Commands via Faronics Core Console
Anti-Executable commands can be accessed via the right-click context menu. Anti-Executable commands can also be accessed via Faronics Core Console Actions pane located on the right side of the Faronics Core Console window. The Actions pane lists these tasks once a workstation has been selected from the list.
Protection To quickly Enable or Disable Anti-Executable protection, select one or more workstations and click on Protection > Enable or > Disable in the Actions pane. Maintenance Mode Set Anti-Executable to run in Maintenance Mode. Stealth Mode Configure Anti-Executable to run in Stealth Mode on one or more selected workstations. Keyboard and Mouse Disable or enable keyboard and mouse devices on an individual workstation or multiple workstations by clicking on Keyboard/Mouse and selecting Disable or Enable. White List A White List can be made Active on one or more workstations. Select a workstation and select White List > Apply. The user will be prompted with a dialog allowing them to select a White List. Black List A Black List can be made Active on one or more workstations. Select a workstation and select Black List > Apply. The user will be prompted with a dialog allowing them to select a Black List. Configure Anti-Executable Select this option to configure Anti-Executable.

Scheduling Actions

Anti-Executable and Faronics Core Console events can be scheduled to occur on one or more workstations at a date and time convenient to the administrator. Click on one or more workstations and select Schedule Action. The sub-menus which appear contain the following list of available actions: Actions controlled by Faronics Core Console: Shutdown Restart Wake up Protection (Enable or Disable) Maintenance Mode Black List (Apply) White List (Apply) Alerts (Enable or Disable) Logging (Enable or Disable) Temporary Execution Mode Install/Upgrade Anti-Executable Uninstall Anti-Executable

Actions controlled by Faronics Anti-Executable
Selecting an action displays a Schedule menu that allows the administrator to specify the frequency (one-time, daily, weekly or monthly). Based on the frequency, you can select the specific time, day, date, or month.
Accessing Anti-Executable Enterprise on a Workstation
Anti-Executable is accessed directly on a workstation by holding down the Shift key and double-clicking on the Anti-Executable icon in the Windows System Tray. The Ctrl + Alt + Shift + F10 hotkey sequence can be used as well. If you are an Administrator, you will have access to the Status, White List, Black List, User, Temporary Execution Mode, and Setup tabs. If you are a Trusted User, you will have access only to the Status, White List, and Black List tabs. External users are not permitted to access Anti-Executable. Anti-Executable Administrator and Trusted Users must enter the appropriate passwords to access Anti-Executable if those passwords have been set.

Using Anti-Executable

This chapter describes the procedure to configure and use Anti-Executable.
Overview Status Tab White List Tab Adding Blocked Executables to the Active White List Black List Tab Users Tab Termporary Execution Mode Tab Setup Tab Creating an Anti-Executable Report through Faronics Core Console
Following installation, Anti-Executable must be configured. Anti-Executable Administrators can access all the following tabs: Status Displays the version of Anti-Executable installed, whether newer versions of Anti-Executable are available and allows user to import and export configurations, and set Anti-Executable Protection to Enable, Disable or Maintenance Mode. White Lists Used to create, edit, and apply White Lists. Black Lists Used to create, edit, and apply Black Lists. Users Used to add Administrators, Trusted users and their passwords. Temporary Execution Mode Used to activate Temporary Execution Mode where any executable can be launched on the workstation. Setup Used to configure Stealth Mode, manage logging, alert messages, and enable Anti-Executable compatibility with Deep Freeze.
Anti-Executable Trusted Users have access only to the Status, White Lists, and Black Lists tabs. The Windows administrator user account that performed the installation is the first Anti-Executable Administrator.

Status Tab

The Status tab allows Anti-Executable Administrators and Trusted Users to configure various settings, set protection to Enable, Disable, or Maintenance Mode, and import or export previously saved configurations. When a single workstation is selected in Faronics Core Console and Configure Anti-Executable is selected, the workstation configuration is retrieved automatically.
Verifying Product Information
The About pane displays the version of Anti-Executable installed. If newer versions are available, New version is available is displayed. Click Update for more information. If an Evaluation version of Anti-Executable has been installed, the Valid until field displays the date when Anti-Executable expires. Anti-Executable displays a notification about the current status of the License in the windows system tray. Once the evaluation period expires, Anti-Executable will no longer protect a machine. The following expired icon is displayed in the system tray when Anti-Executable expires.

Importing Anti-Executable Configurations
Anti-Executable Administrators and Trusted Users can import previously exported Anti-Executable configurations by clicking Import. Select one or more import options in the Import Options dialog that is displayed. The following options are optional and the import process will be successful even if none of the following options are selected: Import Active Whitelist and Blacklist Import Alert Image Import Anti-Executable Users
Click OK and browse to a configuration configuration file (.aecfg).
Retrieving settings from Faronics Core Console
The Status pane retrieves and displays all the settings of a single workstation. When a single workstation is selected and Anti-Executable is launched via Faronics Core Console, the workstation settings are retrieved automatically.
The status can only be retrieved when a single workstation is selected.

White List Tab

Anti-Executable allows the launch of any executable on the Active White List when Protection is set to Enable. Also included are White Foldersfolders and their sub-folders from which any executable can be launched. There can only be one White List active at a time on a workstation. Refer to the section titled Creating a New White List for information on creating the first White List. Executables installed on a remote workstation cannot be added to the Active White List unless the remote workstation is visible through the file browser in the Anti-Executable Scan dialog. White Lists can be applied and deployed to workstations via Faronics Core Console or manually on each workstation.
White List Management through Faronics Core Console
To configure Anti-Executable White Lists through Faronics Core Console, right-click one or more workstations and select Configure Anti-Executable.
The White List tab can also be used to open or create White Lists. For more information consult the Using The Anti-Executable White List Editor section of this guide.
Using The Anti-Executable White List Editor
The White List Editor is opened by clicking on the White List tab and selecting New, Open, or Edit. The White List Editor also appears when an individual White List file is opened in Windows Explorer.
New Opens the White List Editor and creates a new White List. Open Opens an existing White List for editing. Edit Opens the White List editor to add or remove executables and/or folders to the Active White List.
Creating a New White List
Only Anti-Executable Administrators and Trusted Users can access the White List editor on a workstation. It is recommended to use a clean computer to create a White List. A clean computer is a system that has the Operating System and all the required applications installed for day-to-day operations. Creating a White List before the computer is handed over to the user will ensure that the White List contains only the files required for the computer to work properly. To create a new White List complete the following steps: 1. Launch Anti-Executable. To launch Anti-Executable via Faronics Core Console, select a workstation, right-click and select Anti-Executable > Configure Anti-Executable. Click the White List tab after the workstation status has been retrieved. To launch Anti-Executable on the workstation, Shift+ double-click the Anti-Executable icon in the System Tray. You can also use the Ctrl+Alt+Shift+F10 hotkey. Specify the Administrator password to logon to Anti-Executable. Click the White List tab. 2. Click New. The White List editor appears:

4. Click OK. The Publisher or the File/Folder is added to the White List.
Adding Executables or Folders to an Existing White List Using the White List Editor
In addition to populating a new White List, the Scan feature allows executables from a specific location to be added to an existing White List. This location can be local, external, or on a network. Click Scan to launch the White List Scan Destination dialog. This will search the selected location for any executables. Once the scan has finished, the results can be merged into the White List. Individual folders and executables can be added by clicking Add. To open a previously created White List, click Open and browse to the White List file. Make any changes necessary with Add, Remove, Scan, or Merge buttons. These buttons add and remove executables and folders from the White List. They do not modify actual files or folders on the machine. Click the White List Only button to delete the executables from the Black List and ensure that they are a part of only the White List. Multiple White Lists can be opened and edited at the same time. Only one White List can be set as an Active White List at a time.
Adding Blocked Executables to the Active White List
Executables can be added to the active White List by launching them. If the workstation is in the protected state and an unauthorized executable is launched, the Anti-Executable Administrator or Trusted User is prompted with options to Allow, Deny, or Allow and Add to White List.
AllowPermits the executable to launch but does not add it to the Active White List. The next time the executable is launched, it will be blocked again. DenyThe executable is not added to the Active White List and remains an unauthorized executable. It is not permitted to launch. Allow and Add to White ListThe executable is allowed to launch. It is also added to the Active White List, making it an authorized executable. Include all DLLs used by this programAll the DLL files used by the program are included in the action taken (Allow, Deny or Allow and Add to Whitelist).
External users do not have the necessary permissions to Allow, Deny, or Allow and Add to White List. External users attempting to launch executables not in the Active White List are notified that the executable has been blocked. Refer to the section on Customizing Alerts for more information.

Black List Tab

Anti-Executable allows the blocking of any executable on the Active Black List when Protection is set to Enable. Also included are Black Foldersfolders and their sub-folders from which any executable is blocked. There can only be one Black List active at a time on a workstation. Consult the section titled Creating a New Black List for information on creating the first Black List. Executables installed on a remote workstation can not be added unless the remote workstation is visible through the file browser in the Anti-Executable Scan feature. Black Lists can be applied and deployed to workstations via Faronics Core Console or manually on each workstation.

By default, the Windows user account which performs the Anti-Executable installation becomes the first Anti-Executable Administrator User. This Administrator User can then add existing Windows users to Anti-Executable. Any user not listed by Anti-Executable is an external user who is subject to the executable launch limitations specified by the contents of the Active White List. If an Anti-Executable Administrator or Trusted User attempts to open an unauthorized application while Anti-Executable is enabled, they will be shown a dialog with an option to Allow, Deny, or Allow and Add to White List.
Adding an Anti-Executable Administrator or Trusted User
All Anti-Executable users are existing Windows user accounts. However, all Windows user accounts do not automatically become Administrators or Trusted users. Windows user accounts that are not Administrators or Trusted Users are External users. To add a user to Anti-Executable, perform the following steps: 1. Click the Users tab at the top of the Anti-Executable window.
2. Click Add to add a new user. Select the User icon from the list provided.
3. If the list is empty, click Advanced > Find Now to display a list of available users. Domain administrators that have logged in as such can add other domain users. Click on a user name to add it to Anti-Executables list and click OK.
4. By default, each added user is an Anti-Executable Trusted User. If the new user is to be given administrative rights, specify them as an Anti-Executable Administrator by checking the Anti-Executable Admin Role check box.
Removing an Anti-Executable Administrator or Trusted User
Click on the Users tab and select the user to be removed. Click Remove. This does not remove the users Windows user account. The user has now become an external user.
Enabling Anti-Executable Passwords
As an added layer of protection, Anti-Executable can attach a password to each user group. Passwords only apply to the members of the associated groups. To specify a password, ensure the Enable check box is selected and enter the password in the New Password and Confirm Password fields. Click Apply to save any changes.
Termporary Execution Mode Tab

Setting Event Logging in Anti-Executable
Select Log to File to log events to the log file. The log files are saved on the workstation at S:/AEE/AE.log.

Monitor DLL Execution

Select the Monitor DLL Execution check box to monitor DLLs. If this check box is not selected, the DLLs will not be monitored even if they have been added to the Whitelist or Blacklist. If a selected Monitor DLL Execution check box is cleared, it displays a message Do you want to delete all the DLL entries in the Whitelist and Blacklist?. Click Yes to delete all the DLL entries from the Active Whitelist and Active Blacklist and No to retain the entries.
Anti-Executable Stealth Functionality
Stealth Mode is a group of options that control visual indication of Anti-Executable's presence on a system. Stealth Mode gives the option to the Administrator to hide the Anti-Executable icon in the Windows system tray, prevent the Alert from being displayed and prevent the splash screen
from being displayed. When Anti-Executable is not visible in the system tray, Administrators and Trusted users can launch Anti-Executable through the Ctrl + Alt + Shift + F10 hotkey. Stealth functionality has the following options: Hide Notification prevents the Alert from being displayed. Hide icon on system tray hides the Anti-Executable icon in the system tray. Disable splash windows disables the Anti-Executable splash window that is displayed before Anti-Executable is launched.
Deep Freeze Maintenance Compatibility
This feature is applicable only when Faronics Deep Freeze and Faronics Anti-Executable are installed on the computer.
The Deep Freeze Maintenance Mode Compatibility feature allows the Administrator to synchronize the Maintenance Modes of Deep Freeze and Anti-Executable. By enabling the Enable Deep Freeze Maintenance Mode Compatibility check box, Anti-Executable will automatically enter Maintenance Mode when Deep Freeze enters Maintenance Mode (Deep Freeze reboots Thawed in Maintenance Mode). By setting both Deep-Freeze and Anti-Executable to be in Maintenance Mode at the same time, any executable that is added to the computer, will not only be added to the Active White List, but will be retained by Deep Freeze once it freezes back the computer after the Maintenance Mode ends. Anti-Executable will stay in Maintenance Mode until shortly before the Maintenance Mode of Deep Freeze ends. Once Anti-Executable exits Maintenance Mode, it will add any new or updated executable files to the Active White List. When Deep Freeze exits its Maintenance Mode, it will reboot the computer Frozen with the updated White List. It is not possible to set Anti-Executable to Maintenance Mode if Deep Freeze Maintenance Mode Compatibility is enabled and Deep Freeze status is Frozen. This is because, changes made to the computer will be lost on reboot. If Anti-Executable is disabled, and Deep Freeze enters Maintenance Mode, Anti-Executable will continue to be disabled. Maintenance periods triggered by Deep Freeze will take precedence over any other Maintenance periods scheduled on Anti-Executable. For more information on Deep Freeze, visit http://www.faronics.com/deepfreeze.

Customizing Alerts

Anti-Executable Administrators can use the Alerts pane to specify the message and an image that appears whenever a user attempts to run an unauthorized executable. The following messages can be set: White List violation message displayed when a White List is violated. Black List violation message displayed when a Black List is violated.
Enter a message or use the default message provided. This text will be displayed in all alert dialogs whenever a user attempts to run an unauthorized executable. Choose a bitmap image by clicking Change and browsing to a file. The selected image will accompany the text in the alert dialog. Alert messages display the following information: Executable location Executable name Default or customized image Default or customized message
Creating an Anti-Executable Report through Faronics Core Console
Anti-Executable provides the following reports: Anti-Executable Report - detailed report for each workstation. Temporary Execution Mode Report - detailed report for all executables launched during Temporary Execution Mode.
To view the report for one or more selected workstations, right-click the workstation(s) and select Generate Report > Anti-Executable Report or Temporary Execution Mode Report. The following dialog appears:
Anti-Executable Report displays the following information: Time Stamp Machine Info User Info Event ID Description
Temporary Execution Mode report displays the following information: Time Stamp File Name Hash

Command Line Control

This chapter explains the various Command Line Controls available for Anti-Executable.
Anti-Executable Command Line Control offers network administrators increased flexibility in managing Anti-Executable workstations by allowing for control of Anti-Executable via third-party management tools and/or central management solutions. The following commands are available: Use the /PW=<password> switch to execute the command on computers where a password has been set. Specify the password for the Administrator or the Trusted User as applicable. The switch in [ ] is optional. White Lists have the extension.aewl. Black Lists have the extension.aebl.

Export Black List Export Configuration
Export White List Generate Black List Generate Black List and exclude Sub-Folders
[path] AEC exportWhiteList </active | Source white list path and name.aewl> <Destination File path and name.xml | Destination File path and name.csv> /PW=<password> [path] AEC generateBlackList <New Black List path and name.aebl> <Directory from which to start> [/apply] /PW=<password> [path]AEC generateBlackList <New Black List path and name.aebl> <Directory from which to start> /NoSub [/apply]/PW=<password>
Function Generate Black List and include executables in Black List Only Generate Black List and scan Multiple Destinations
Command [path]AEC generateBlackList <New Black List path and name.aebl> <Directory from which to start> [/NoSub] /BlackListOnly /apply /PW=<password> [path]AEC generateBlackList <New Black List path and name.aebl> <folderlist.txt> [/NoSub] [/BlackListOnly] [/apply] /PW=<password> folderlist.txt contains a set of folders and/or drives where Anti-Executable will scan to create the list. For example: C:\Program Files C:\Commonly Used Files D:\ The switch /apply must be used with the switch /BlackListOnly.
Generate Black List and select My Computer as scanning destination
[path]AEC generateBlackList <New Black List path and name.aebl> <"My Computer"> [/apply] /PW=<password>
Generate White List Generate White List and exclude Sub-Folders Generate White List and include executables in White List Only Generate White List and scan Multiple Destinations
[path] AEC generateWhiteList <New White List path and name.aewl> <Directory from which to start> [/apply]/PW=<password> [path]AEC generateWhiteList <New White List path and name.aewl> <Directory from which to start> </NoSub> [/apply] /PW=<password> [path]AEC generateWhiteList <New White List path and name.aewl> <Directory from which to start> [/NoSub] /WhiteListOnly /apply /PW=<password> [path]AEC generateWhiteList <New White List path and name.aewl> <folderlist.txt> [/NoSub] [/WhiteListOnly] [/apply] /PW=<password> folderlist.txt contains a set of folders and/or drives where Anti-Executable will scan to create the list. For example: C:\Program Files C:\Commonly Used Files D:\ The switch /apply must be used with the switch /WhiteListOnly.
Generate White List and select My Computer as scanning destination
[path]AEC generateWhiteList <New White List path and name.aewl> <"My Computer"> [/apply] /PW=<password>
Function Import Configuration List Commands Merge two White Lists /Black Lists and apply Merge two White Lists /Black Lists and save Merge two White Lists /Black Lists, save and apply Merge White List /Black List with the current White List / Black List and apply Protection Status Update License Key Legend

Command [path]AEC importConfiguration <Config file path and name.aecfg> /PW=<password> [path]AEC help [path]AEC merge list1 list2 /apply /PW=<password> where list1 and list2 are the Black List or White List.
[path]AEC merge list1 list2 <New list path and new list name> /save /PW=<password> where list1 and list2 are the Black List or White List. [path]AEC merge list1 list2 <New list path and new list name> /save /apply /PW=<password> where list1 and list2 are the Black List or White List.
[path]AEC merge list /apply /PW=<password> where list is the Black List or White List.
[path]AEC status /PW=<password> [path]AEC updateLicense <License Key> /PW=<password>
<mandatory user input> [optional user input] [path]: location where the file being referred to is stored on disk Example Command Line [path]AEC generateWhiteList engineeringLab.aewl C:\ /PW=<password> [path]AEC applyWhiteList engineeringLab.aewl /PW=<password> In the above example, [path] is the path to the Anti-Executable command line interface file (AEC.exe). GenerateWhiteList is the Anti-Executable command that creates a White List that in this case is called engineeringLab.aewl. The.aewl file extension is used for White List. The switch C:\ at the end of the command indicates that the White List will contain all the executable files currently present on the C drive. The second command makes the White List engineeringLab the active White List. In both cases, the password for the administrator is specified as <password>.

Silent Install Commands

Function Silent install (default) Silent install (Scan fixed drives) Silent install (set passwords) Silent install (set product key /Full version install) Silent uninstall Command msiexec /q /i [path] <Product MSI>
msiexec /q /i [path]<Product MSI> ISSCANENABLED="1"
msiexec /q /i [path] <Product MSI> AEADMINPSW=[password] TRUSTEDUSRPSW=[password] msiexec /q /i [path] <Product MSI> AEPRODUCTKEY=[License key]
msiexec /q /x [path] <Product MSI>
Uninstalling Anti-Executable
Uninstalling Using Faronics Core Console Uninstalling on a Workstation using the Uninstall Wizard
Uninstalling Using Faronics Core Console
Anti-Executable can be removed from one or more workstations using Faronics Core Console. To uninstall Anti-Executable perform the following steps: 1. Open Faronics Core Console. 2. Click on the Workstations icon in the left pane of Faronics Core Console. 3. Right-click on the workstation(s) in the Workstation List from which Anti-Executable will be removed. 4. Click on Configure Workstations > Advanced >Anti-Executable> Uninstall Anti-Executable.

After Anti-Executable has been uninstalled from the selected workstations, Faronics Core Console will reboot them to complete the uninstall process.
Uninstalling on a Workstation using the Uninstall Wizard
Anti-Executable can only be uninstalled by an Anti-Executable Administrator when Protection is set to Disabled.
Anti-Executable can be removed by double-clicking on the.msi file used to install Anti-Executable. The Setup Wizard appears: 1. Click Next to begin the uninstall.
2. Click Remove followed by Next.

3. Click Remove.

4. Click Finish to complete the uninstall.
5. Following a successful uninstall, a workstation restart is required. Click Yes to restart immediately or No to restart later.
An immediate workstation restart is recommended following uninstall.
Uninstalling the Anti-Executable Loadin
The Anti-Executable Loadin can be uninstalled through Add/Remove programs. To do so click on Start > Control Panel > Add/Remove Programs > Anti-Executable Loadin > Remove. Uninstalling the Anti-Executable Loadin will remove all Anti-Executable management capabilities from Faronics Core Console. It will not remove Anti-Executable installations from the individual workstations.

Faronics Anti-Executable and Granite School District

Case Study

February 26, 2009
Intelligent Solutions for ABSOLUTE Control
Tel: 1-800-943-6422 Fax: 1-800-943-6488

www.faronics.com

Tel: +1-604-637-3333 Fax:+1-604-637-8188
Faronics Corporation. All rights reserved. Faronics, Faronics Anti-Executable, Deep Freeze, Deep Freeze Mac, Deep Freeze Linux, Faronics Device Filter Mac, Faronics Insight, Faronics Power Save, Faronics Power Save Mac, Faronics System Profiler, and WINSelect are trademarks and/or registered trademarks of Faronics Corporation. All other company and product names are trademarks of their respective owners.
About Granite School District Granite School District, located in Salt Lake County, Utah, operates 60 elementary schools, 16 junior high schools, 9 high schools, as well as other special schools and programs. With 68,075 students, Granite is the second largest district in Utah and is among the largest public school districts in the nation. Granite is also one of Utahs largest employers, with more than 7,500 full and part-time employees. Granite has also been nationally recognized for teacher professional development programs and the economic efficiencies of its administration. The Problem They Faced Scott Watson, an Electronics Teacher in Hunter Senior High School, trains students in a computer lab consisting of 24 workstations that operate as independent computers 90% of the time, and serverinterfaced network stations for the balance 10%. These dual-core processor systems run Microsoft Windows XP SP3 and are utilized by over 150 students every day. We are fortunate in that we have a powerful computer lab, says Mr. Watson. We do, however, want to ensure that power is used for educational purposes, and not for classroom distractions such as games, instant Allowing unauthorized messaging, and peer-to-peer file sharing. Mr. Watson continues, We found that as the prices for USB flash drives fell, more students were using the drives to bring portable applications and executables into the classroom. This is obviously something we dont want since the applications students need to complete class assignments are already installed on the computers. Allowing unauthorized programs to run on workstations presents a serious challenge to a teachers ability to keep lab computers running and student attention focused. The Solutions They Tried The district did have a software product installed on the lab computers that kept unauthorized software from being installed on workstations; however it did not block program execution if the software was totally contained in the USB flash drive or any other source. As a result, the effectiveness of the current solution was reduced since it was not keeping up with technological and market changes. Scott started looking for newer, better products that could block unauthorized and unwanted executables from runningregardless of where the executable is located. We were already using Faronics Deep Freeze on our systems to keep them clean and consistent, says Scott. When I visited the Faronics website and discovered Faronics Anti-Executable, I knew it was something I had to try out. Granite School District is using Faronics flagship system consistency product, Deep Freeze, to eliminate workstation damage and downtime. Once Deep Freeze is installed on a workstation, any changes made to the computerregardless of whether they are accidental or maliciousare never permanent.
programs to run on workstations presents a serious challenge to a teachers ability to keep lab computers running and student attention focused.
Now Scott was excited about Faronics Anti-Executable. Its ability to only allow approved applications to run on a computer is exactly what he needed. Any other programswhether they are unwanted, unlicensed, or simply unnecessaryare blocked from ever executing. The Solution That Worked I could not find any other product comparable to Faronics Anti-Executable, says Mr. Watson. Faronics Anti-Executable has given Granite School District the ability to enforce total compliance in their computer labs. The districts teachers benefit from distractionfree classroom sessions each and every time, while the districts IT personnel are guaranteed that the lab computers remain free of unwanted software and compliant with acceptable use policies. Faronics Anti-Executables white list protection gives us the assurance that only the programs we have installed on the computers are able to run, says Mr. Watson. We use Deep Freeze to return our computers back to their original state, but that happens only upon workstation restart. Sometimes a lab computer is kept running for an entire day, so it could potentially accrue a whole days worth of software junk.

Key Benefits

Block Distractive Software From Running Blocks distractions such as games, instant messaging clients, and P2P applications from executing Ensures that computers are used for their intended purpose Stop Malicious Software From Installing Protects users from software threats such as keyloggers, spyware, & malware IT personnel experience a reduction in helpdesk requests Keep Workstations Compliant Guarantees that computers are compliant with acceptable use policies, regulatory requirements, and software deployment schedules

White list protection gives us the assurance that only the programs we have installed on the computers are able to run.
What Mr. Watson is referring to, of course, are keyloggers, spyware, malware, viruses, and trojans. These unwanted pieces of software can seriously cripple computing sessions, create damaging privacy leaks, and hamper student productivity. Faronics Anti-Executable protects students from these threats while still allowing them to access the programs needed to complete class assignments. Faronics AntiExecutable also ensures that at any given time only fully-licensed software is running on the lab machines. As a test I asked my class of extremely tech-savvy students to have a go at trying to hack or cripple Faronics Anti-Executable, says Scott. After a week of unsuccessful attempts, the students have voted Faronics AntiExecutable to be bulletproof.
Some of the ways in which the students tried to bypass Faronics Anti-Executables protection include: Replacing the administrator account Renaming unauthorized program names to authorized program names Program execution via batch files Replacing the white list file Hacking the computer management information
Scott continues, They were never able to bypass Faronics Anti-Executable. My favorite feature of Faronics Anti-Executable is its ability to read an authorized executables fingerprint so that even if one tries to fool Faronics Anti-Executable with a renamed program file, it will not execute. Very smart, indeed.
Faronics delivers software that helps manage, simplify, and secure desktop computers. Our products ensure users enjoy a trouble-free computing experience, and have freed IT personnel from tedious helpdesk requests. Faronics products benefit educational institutions, healthcare facilities, libraries, government organizations, and corporations in over fifty countries worldwide.

Contact Us

Web: Email: Phone: Fax: Hours: Address: www.faronics.com sales@faronics.com 800-943-6422 or 604-637-3333 800-943-6488 or 604-637-8188 7:00am to 5:00pm (Pacific Time) Old Crow Canyon Road San Ramon, CA 94583 USA
Granville Street Vancouver, BC V7Y 1G5 Canada

Copyright

This publication may not be downloaded, displayed, printed, or reproduced other than for noncommercial individual reference or private use within your/an organization, and thereafter it may not be re-copied, reproduced, or otherwise distributed. All copyright and other proprietary notices must be retained. No license to publish, communicate, modify, commercialize or alter this document is granted. For reproduction or use of this publication beyond this limited license, permission must be sought from the publisher.