Using the Process Filter to control access to the Foldr drive (Windows)

March 23 UPDATE – In light of COVID-19 and heavy load.  Foldr administrators deploying the Windows app are recommended to use a WHITELIST.  This is to reduce the potential load on the Foldr server.

Introduction

The Foldr server provides the ability to control what client process / applications are allowed to interact with the Foldr drive in Windows and macOS.

It is recommended that security software such as antivirus real-time and scheduled scanning processes and software inventory tools are blocked/restricted as this could cause unnecessary load on the Foldr server and with numerous clients could causes high CPU usage on the Foldr server and a poor user experience for users.

There are two ways of configuring the process filter, either using a Whitelist (only these apps/processes are permitted) or a Blacklist (these apps/processes are not permitted)

Configuring a Whitelist

Navigate to Foldr Settings > Devices & Clients > Windows and scroll down enableto the Process Filter toggle.

Select Whitelist as the filter type and configure as required.

IMPORTANT – If explorer.exe isn’t permitted as a whitelisted process the drive will NOT mount.

The example below will allow the user to use Microsoft Word, Excel and PowerPoint (open / saving documents to the Foldr drive) – All other applications, processes including anti-virus will be silently revoked access.

Click SAVE CHANGES to commit the changes.

Should a user now try to interact with the drive using an non-whitelisted application, they will receive an Access Denied mesage.  See example for notepad.exe using the configuration above.

If the drive is in Network mode, no error is presented – the user simply won’t be able to select the drive in Explorer.

Configuring a Blacklist

Navigate to Foldr Settings > Devices & Clients > Windows and scroll down enableto the Process Filter toggle.

Select Blacklist as the filter type and enter the applications / processes you wish to restrcit.  The example below will allow all apps / processes but restrcit the EKRN (Eset) AV client and Notepad.exe from interacting with the drive.

Configuring Rules

There are three ways in which process filter entries are interpretted:

Exact Match by process name
Exact Path Match
Wildcard Path Match

The rules are discussed in more detail, below.

Exact match by process name:

Example:

test.exe

Would match the following filenames:

c:\sample\test.exe
d:\internal\files\test.exe

Exact path match:

Example:

c:\test\process.exe

Would match ONLY the following filename:

c:\test\process.exe

Wildcard path match:

Example:

c:\test\sample\*

Would match the following filenames:

c:\test\sample\test.exe
c:\test\sample\test2.exe
c:\test\sample\utility.exe

Wildcard Metacharacters:

The asterisk is supported when used at the end of a path.

eg: This matches any file in the specified directory.

C:\Some\directory\*

Windows environment variables are supported.

eg: This matches any file in the ‘directory’ within the user’s programs directory

%ProgramFiles%\directory\*

Note: The question mark is NOT supported.

Enabling Foldr apps for Specific Users / Groups

The Foldr administrator has granular control over what users are permitted to use specific Foldr apps.  Using app profiles the administrator can create separate profiles for different types of users, either enabling / disabling apps or security options for each app as required.  These profiles can be configured within Foldr Settings >Devices & Clients > App Profiles and these can be applied to individual user or domain groups.

Need more help?

Get in touch and we'll be happy to assist you, [email protected]

© Minnow IT. Registered in England and Wales with company number 07970411.

Made with in Bristol, UK

<