topic Re: Custon rules aplication control ? in Endpoint

Custon rules aplication control ?

lluner — Tue, 02 Dec 2025 14:23:17 GMT

Has anyone tested the custom rules in the application control? Honestly, I've tested everything and the custom rules don't work; only the rules defined in "app rules" work. For example: I want to create a rule that blocks all versions of Firefox.

Re: Custon rules aplication control ?

Chris_Atkinson — Wed, 03 Dec 2025 01:06:26 GMT

Can you please clarify what you define as being a "custom rule" and more specifically if this is being tested with / without HTTPS inspection and with what gateway version & JHF etc?

/Edit: Noted this is an Endpoint query.

Re: Custon rules aplication control ?

the_rock — Tue, 02 Dec 2025 15:33:13 GMT

Hey brother,

Mind sending a screenshot as an example of what you tested?

Re: Custon rules aplication control ?

lluner — Tue, 02 Dec 2025 15:50:06 GMT

@Chris_Atkinson

These custom rules don't work; only the app rules work. See the images below.

Re: Custon rules aplication control ?

Don_Paterson — Tue, 02 Dec 2025 17:30:15 GMT

EDIT:

My reply below is about the Check Point Security Gateway capabilities and not Harmony Endpoint App Control capabilities.

I wonder if AppScan could help here.

-------------------------

Works for me

R82

No https inspection

New connection - first time Firefox is used - no caching

Firefox browser is blocked.

Re: Custon rules aplication control ?

the_rock — Tue, 02 Dec 2025 17:21:45 GMT

I actually tried same in my lab Don and it also blocked incognito window, so definitely works. But, I have a feeling @lluner was referring to endpoint policy, just my impression based on what was posted.

Re: Custon rules aplication control ?

Don_Paterson — Tue, 02 Dec 2025 17:24:07 GMT

Ah, ooops. I didn't spot that it in the Endpoint forum.

Thanks for that.

Re: Custon rules aplication control ?

lluner — Tue, 02 Dec 2025 17:26:53 GMT

@the_rock

The issue is that the blocking occurs at the harmony endpoint, not at the gateway checkpoint.

Re: Custon rules aplication control ?

the_rock — Tue, 02 Dec 2025 17:28:03 GMT

Thats what I figured based on your screenshots. Did you open TAC case yet?

Re: Custon rules aplication control ?

lluner — Tue, 02 Dec 2025 17:40:30 GMT

@the_rock

I'm first trying to see if anyone can configure these settings and provide an example.

Re: Custon rules aplication control ?

the_rock — Tue, 02 Dec 2025 17:41:46 GMT

Let me ask one of my colleagues, have a call with him in few mins, he is very good with endpoint. Will update you after.

Re: Custon rules aplication control ?

lluner — Tue, 02 Dec 2025 17:48:09 GMT

@Don_Paterson

I've already tried using AppScan, and it works. The problem is that you need to create a custom rule for multiple versions of Adobe, Firefox, or 7-Zip. Using AppScan becomes impractical.

Re: Custon rules aplication control ?

the_rock — Tue, 02 Dec 2025 18:13:15 GMT

This is what my colleague showed me, not sure if you tried it or not.

Re: Custon rules aplication control ?

lluner — Tue, 02 Dec 2025 19:25:20 GMT

@the_rock

I've tried everything to block Adobe and other applications, but nothing works.

Re: Custon rules aplication control ?

the_rock — Tue, 02 Dec 2025 20:25:41 GMT

So regardless of which application you try, same result?

Re: Custon rules aplication control ?

lluner — Wed, 03 Dec 2025 11:12:44 GMT

@the_rock

Yes, I've tried everything. I tried following the manual exactly, but it doesn't work. It only works when I use AppScan, import the file, and then block it.

Configuring Application Permissions in the Application Control Policy

It only works by uploading the AppScan XML file. The "custom rules" option doesn't work at all.

Below are the application control logs using the AppScan XML file.

Re: Custon rules aplication control ?

the_rock — Wed, 03 Dec 2025 11:56:54 GMT

I would definitely open TAC case and reference this post.

Re: Custon rules aplication control ?

lluner — Wed, 03 Dec 2025 11:59:59 GMT

@the_rock

That's what I'm going to do; I've already opened a ticket with a partner. I'll keep you updated here.

Re: Custon rules aplication control ?

the_rock — Wed, 03 Dec 2025 12:01:39 GMT

I will check with my colleague again, but I can tell by the things you post and try about harmony endpoint, that you are very FAMILIAR with it, so I trust all you did. Please keep us posted.

Excellent work, as always.

Re: Custon rules aplication control ?

RS_Daniel — Wed, 03 Dec 2025 12:31:21 GMT

Hello,

We usually block apps using the field Issued To, and that blocks all versiones of the app. You can check on a couple diferent versions of firefox to check if the cert matchs just to double check. In some tests, we saw that the "Application Name" field is actually the name of the process running on windows, so for adobe i think you can use "Acrobat.exe" on your rule. Attaching an example to block opera. HTH.