Preferred Applications

Automatically adjust TrustScores and enforce security policies based on whether specific applications are running on a device

This article describes features that are only available in the Banyan Business edition and Banyan Enterprise edition.

The Linux-RPM version of the Desktop App does not currently support TrustScoring for Org Preferred Apps.

Overview

Security policies often require that corporate devices run specific applications. You can use Banyan to enforce these policies via the Device TrustScores capability. Specifically, you can establish a list of applications required to be running on devices (desktops only) in your organization.

In Banyan TrustScoring, we called these “Preferred Applications” for an organization. You can specify whether your devices must have these Preferred Applications running (ie, Mandatory Preferred Applications) or if users can receive partial credit for having a subset of Preferred Applications running on their device.

Adding a Mandatory Preferred Application

The steps below cover how to add CrowdStrike as a Mandatory Preferred Application for your organization. You can extend these steps for other applications and scenarios.

  1. Navigate to Settings > TrustScore Settings > Device Scoring and then click Preferred Applications Running (desktop-only).

2. Click + Add App.

3. Configure the application details.

  • Enter the Application Name (such as CrowdStrike Falcon).
  • Determine whether or not the app is Mandatory. If Yes, then device access will be blocked if the app is not running. If No, then device access will be allowed, but the device TrustScore will be reduced accordingly.
  • Select the Platform(s) that require the preferred app. For this example, we’ll set the platform to macOS

4. Enter the process name (one per platform) that should be running on a device (such as falcond). See a list of common Preferred Apps and their corresponding patterns below.

For apps having process names that are variable or change regularly, you may use regex pattern matching. For example, the Cisco Umbrella app has multiple process names depending on the app version running on a device, such as RoamingClientmenubar and umbrellamenu. In this scenario, you would enter /(umbrellamenu|RoamingClientmenubar)/ to match both process names accordingly.

5. Click Save.

6. Optionally, apply the preferred applications Trust Factor to devices according to device ownership type.

Now, any macOS device in your organization must have CrowdStrike Falcon (process name falcond) running in order to access Banyan-protected services.

If a macOS device in your organization does not have CrowdStrike Falcon running, their Device TrustScore is reduced to 0 and their access to Banyan-protected services is blocked.

Process Names for Common Applications

The table below lists common Preferred Applications and their corresponding patterns.

If you use a different third-party application or would like to add tools that are not covered below, please let us know!

Device Management

App Name       macOS       Windows Linux      
JAMF jamfAgent n/a n/a

Endpoint Security

App Name       macOS       Windows Linux      
CarbonBlack CbOsxSensorService cb.exe cbdaemon
CrowdStrike falcond csagent.exe falcon-sensor
Windows Defender n/a msmpeng|savservice n/a

Internet Gateway (including CASB)

App Name       macOS       Windows Linux      
Cisco Umbrella umbrellamenu|RoamingClientmenubar    


Last modified: May 26, 2021