By defining what is known and allowed to execute on your terminal services environment, you're only allowing remote users to run authorised executable files thus preventing any interruption in the normal flow of your business if one user attempts to run unauthorised code and any malware including viruses and spyware.

Sanctuary Terminal Services Edition gives you total protection from unauthorised, illegal or unwanted applications. And it does so in a deceptively simple way. With Sanctuary, you define what is known and allowed to execute on your Terminal environment (Windows or Citrix). Everything else is denied by default. Only authorised programs will run on your Terminal environment, regardless of the source. Nothing else can get in.

Sanctuary calculates a cryptographic hash for each executable file. This 20-byte signature is generated using the well-known SHA-1 algorithm and serves to identify a particular file. This signature is calculated on the binary content of the executables itself instead of weak attributes such as file name or path, ensuring that only known and allowed will be executed. The signature is calculated at each and every launch of any executable code with no performance impact, delivering 100% reliability. Even if only one bit of the original file is modified it will not be allowed to execute on the host. Sanctuary Terminal Services Edition features an enhanced hash code computing that minimizes CPU usage on Terminal computers with an important number of concurrent users.

Sanctuary can be implemented in three easy steps:

1. After identifying the executable files that your users and Terminal computers need to have access to, you first authorise these files by generating a signature for each one of them in order to populate Sanctuary's database. Sanctuary provides the tools to quickly build your inventory of allowed executable files based on authorised Operating Systems and applications.

2. In order to easily manage authorised software, related executable files can be collected into File Groups.

3. Using your existing domain structure, you may authorize individual user or group access to the relevant file groups. You have the flexibility to simply secure your organisation's Terminal environment as a whole from all unwanted and unknown executables and, in addition, to definitively control user access to specific applications if desired. If your remote staff is using PC as access devices, Sanctuary Standard Edition will allow you to completely lock down and control any application execution throughout your organisation.

Because Sanctuary uses positive security model - not black list - it requires no constant administrative updates:

· It is only necessary to update the list of authorised executable files when new software is deployed.
· Sanctuary gives you the time to test and deploy system patches because the hosts are protected by default from newly discovered malware executables.
· If you need to change user rights, Sanctuary is capable of implementing those changes immediately and on the fly - no computer reboot is necessary.

There is no more racing to restore operations after an invasion - because invasions can't occur. There is no more repairing damage done by unwitting employees - because employees aren't allowed to execute what you don't want them to execute. There is no more incessant security updating, because protection is always there, built-in and impenetrable.

Immunity to new threats - The Whitelist Approach
Sanctuary positive approach makes the organisation immune to new threats, both internal as well as external, as all unknown applications will be denied execution. Sanctuary is the only solution on the market that solves, once and for all, all issues related to unlicensed applications, viruses and Trojans. The organization only has to focus on what it wants its users to run without having to worry about what will come next - there is no next with Sanctuary. It is possible to authorise application by path

Strong application Identification
Sanctuary's fingerprint (SHA-1) based application identification ensures the organiation that - without any doubt - end users can only execute legitimate applications.

Standard File Definitions (SFDs)
SFDs make you save time and effort in the maintenance of what executable files user/user groups can launch. Predefined Microsoft OS and most common applications lists can be used to pre-populate the database, reducing the initial effort to implement Sanctuary.

Application Management
Managing applications using different workstations is a time consuming and error prone task. With Sanctuary you can address this issue by grouping applications together and granting the right to execute to specific users/groups/computer. All Sanctuary Client start and stop actions are recorded.

Flexible Options
Sanctuary flexible options allow different rules to be applied to different units within the organisations. Global, as well as per user, per group and per computer options ensure that rules, and their exceptions, can be easily managed. Options, as well as all other information can be pushed to individual users and workstations and do not require a reboot. Sanctuary also includes support for automated authorisation of updates. Export and import authorisation lists and "serverless" installations supported.

Common Three-tier architecture
Sanctuary three-tier architecture is designed to scale to very large networks and require minimal deployment on the client side. Our kernel drivers come with built-in TCP clients and servers and do not require any other additional component (MDAC, ODBC, etc.).

Workgroup and Local User Support
Any and all components may be installed on computers that are part of a network (local user or domain). Permissions and options can be assigned to local users and groups. Both Windows Terminal Services and Citrix environments are supported. Domain and Novell eDirectory objects & Map Access Rights to users or user groups of an existing Active Directory.