Control Policy and Lockdown Rule Types

Using the ZeroLock® Management Console (ZMC) seven (7) rule types are available to the administrator for enacting Control Policies and Lockdowns of the system.

1. SSH-MFA:  Secure Shell Multi-Factor Authentication allows for restricting SSH access on ZeroLock-protected systems and can require two-factor authentication for user connections.
2. HASH:  One of the most challenging tasks in system administration is restricting the usage of specific applications, and ZeroLock facilitates the performance of this task efficiently. Using this feature, you can block or allow the required applications or executables and apply these restrictions to particular endpoints. Using a HASH, you can also clear false positives.
3. Canary File:  Canary files help with protection against ransomware by rapidly identifying that an infection has occurred. Canary files are like a canary in a coal mine: a sacrificial test to indicate a hazard. Canary files, and files on canary shares, look desirable for ransomware to infect but are not valuable to the business. 
4. File Access:  File access rules allow the system administrator to limit the actions performed on a system file and by whom.
5. Network Access:  Network access rules allow the system administrator to restrict what process has access to networking functionality. Incoming and or outbound network traffic can be limited.
6. Program Execution:  What programs are executed on a system can be restricted by the system administrator using Program Execution rules.
7. Ordered Ruleset: Are Lockdown rule types that allow multiple rules, evaluated in a specific order, to be added as a single rule. The system compares a proposed action to the first rule if it meets that rule's criteria, the processing of the action stops, if it doesn't, it goes to the following rule, etc.   Lockdown rules allow the administrator to easily add groups of rules to multiple policies knowing that they will be processed in the required order.