Overview

Security policies often require that devices run specific applications. Admins can use SonicWall Cloud Secure Edge (CSE) to enforce these policies by adding the Application Check Trust Factor to a relevant Trust Profile. Admins can establish a list of applications required to be running on devices in their organization, and they can specify whether these must be running (e.g., by selecting Mandatory on the Trust Profile).

Adding a mandatory application

The steps below cover how to add CrowdStrike as a mandatory application for your organization. You can extend these steps to other applications and scenarios.

1. Navigate from Trust > Profiles.

2. Open an existing Trust Profile or select + Create Profile.

3. Under the Trust Factors tab, add Application Check.

• Enter the Application Name (e.g., CrowdStrike Falcon).
• Determine whether or not the app is Mandatory. If Yes, then the device Trust Level will be set to Always Deny if the app is not running. If No, then device access will be allowed, but the device Trust Level will be reduced accordingly if the app is not running.
• Enter the process name (one per platform) that should be running on a device (such as falcond). See a list of common apps and their corresponding patterns below.

For apps that have variable process names, use regex pattern matching. For example, the Cisco Umbrella app has multiple process names depending on the app version running on a device, such as RoamingClientmenubar and umbrellamenu. In this scenario, you would enter /(umbrellamenu|RoamingClientmenubar)/ to match both process names accordingly.

5. Select Save.

Process Names for Common Applications #

The table below lists common preferred applications and their corresponding patterns.

Device Management

Endpoint Security

Internet Gateway (including CASB)

How Cloud Secure Edge Collects the Application Check Trust Factor