The Foldr server provides the ability to control what client process / applications are allowed to interact with the Foldr drive in Windows and macOS.
It is recommended that security software such as antivirus real-time and scheduled scanning processes and software inventory tools are blocked/restricted as this could cause unnecessary load on the Foldr server and with numerous clients could causes high CPU usage on the Foldr server and a poor user experience for users.
There are two ways of configuring the process filter, either using a Whitelist (only these apps/processes are permitted) or a Blacklist (these apps/processes are not permitted)
Configuring a Whitelist
Navigate to Foldr Settings > Devices & Clients > Windows and scroll down enableto the Process Filter toggle.
Select Whitelist as the filter type and configure as required.
IMPORTANT – If explorer.exe isn’t permitted as a whitelisted process the drive will NOT mount.
The example below will allow the user to use Microsoft Word, Excel and PowerPoint (open / saving documents to the Foldr drive) – All other applications, processes including anti-virus will be silently revoked access.
Click SAVE CHANGES to commit the changes.
Should a user now try to interact with the drive using an non-whitelisted application, they will receive an Access Denied mesage. See example for notepad.exe using the configuration above.
If the drive is in Network mode, no error is presented – the user simply won’t be able to select the drive in Explorer.
Configuring a Blacklist
Navigate to Foldr Settings > Devices & Clients > Windows and scroll down enableto the Process Filter toggle.
Select Blacklist as the filter type and enter the applications / processes you wish to restrcit. The example below will allow all apps / processes but restrcit the EKRN (Eset) AV client and Notepad.exe from interacting with the drive.
Configuring Rules
There are three ways in which process filter entries are interpretted:
Exact Match by process name
Exact Path Match
Wildcard Path Match
The rules are discussed in more detail, below.
Exact match by process name:
Example:
test.exe
Would match the following filenames:
c:\sample\test.exe
d:\internal\files\test.exe
Exact path match:
Example:
c:\test\process.exe
Would match ONLY the following filename:
c:\test\process.exe
Wildcard path match:
Example:
c:\test\sample\*
Would match the following filenames:
c:\test\sample\test.exe
c:\test\sample\test2.exe
c:\test\sample\utility.exe
Wildcard Metacharacters:
The asterisk is supported when used at the end of a path.
eg: This matches any file in the specified directory.
C:\Some\directory\*
Windows environment variables are supported.
eg: This matches any file in the ‘directory’ within the user’s programs directory
%ProgramFiles%\directory\*
Note: The question mark is NOT supported.
Enabling Foldr apps for Specific Users / Groups
The Foldr administrator has granular control over what users are permitted to use specific Foldr apps. Using app profiles the administrator can create separate profiles for different types of users, either enabling / disabling apps or security options for each app as required. These profiles can be configured within Foldr Settings >Devices & Clients > App Profiles and these can be applied to individual user or domain groups.