Utilization Guide - Ivanti Application Control for Linux

This is an introduction to the utilization of Ivanti Application Control for Linux. Linked help topics describe how to configure and maintain the configuration settings available via the web console, and the logic of how polices and rules are applied. Maintenance information may help you debug or troubleshoot configuration across the component parts of your system.

The content is intended for system administrators.

Installation help is available from the User Workspace Manager help system (link will open in a new window).

Application Control for Linux Features

Application Control for Linux is highly configurable. Its powerful features include the following in the 2021.4.1 release:

Local Allowlist Changes

This is an RPM package and GPG keys extractor:

  • Can be found here: Devices > Details for device... > Device Contents

  • Once the device and backend connection have been established, the information will start to flow and collect on the backend and DB side.

The Refresh RPM information button is an on-demand action that will refresh the table when new keys or new RPM packages have been added to the Linux endpoint.

AC Server Console Debug

The console debug information has been updated:

  • The back-end log information is now stored locally as well as in the database and the console view.

  • The local disk log can be found here: C:\ProgramData\Ivanti\ACServer and the log name format is: ACServerLogxxxxx.txt

  • Modify file C:\Program Files\Ivanti\ACServer\AC Server\appsettings.json for verbosity of the log here:


"Serilog": {

"Using": [




"MinimumLevel": "Debug", <--- modify this

"WriteTo": [

  • From low to high, these are: Verbose, Debug, Information, Warning, Error, Fatal.

  • The database table that stores the header of the info in this local log is: dbo.Logs

  • The console view of this log can be found here: Advanced Settings tab > Server Logs

Be advised that after 1500000 entries in this viewer, loading times of the page might increase up to 15 minutes

AC Server Manifest/Agent/Engine Automatic Deployment

Automatic deployment is available on Centos 8 and Redhat 8 but not available on Oracle 8.

The engine will be deployed in max 15 minutes from the request issued (yes that means auto install of the engine for your convenience).

Once the agent has been deployed by hand on the Linux Endpoint , and the register command has been issued , the agent will verify engine presence. If the engine is not found , you will be notified by an auto-update command.

The master installer is shipped with the latest agent and engine rpms , these are located here:

C:\Program Files\Ivanti\ACServer\AC Server\HostedFiles

Installation information is found in the UWM documentation.

AC Server Converted to IIS Web Site

The Application Control Linux server has been converted from an executable to an IIS Web Site. With this conversion, the AF server remains an executable.

IIS management tools need to be installed on the server prior to AC for Linux master installer deployment.

The order of execution is :

  1. Install master installer.

  2. Access the website in your browser https://localhost:5001.

  3. Start the AF Server executable using "run as admin ".

The first time you are accessing the website via https://localhost:5001, the database will also be automatically created, and, for the first access only, the loading time will be between 5 and 10 minutes.

Some usefull logs to look into


Related Topics:



Installation (opens UWM Help)