Utilization Guide - Ivanti Application Control for Linux

This is an introduction to the utilization of Ivanti Application Control for Linux. Linked help topics describe how to configure and maintain the configuration settings available via the web console, and the logic of how polices and rules are applied. Maintenance information may help you debug or troubleshoot configuration across the component parts of your system.

The content is intended for system administrators.

Installation help is available from the User Workspace Manager help system (link will open in a new window).

Application Control for Linux New Features

Application Control for Linux is highly configurable. Its powerful features include the following in the 2022.1 release:

Ivanti Application Control Server.exe converted to Windows service

Similarly to the AC Server component that was converted to an IIS site in the 2021.4 release, the AF Server is now a Windows Service that can be automatically started, it does not need to continuously run on the desktop any longer.

Ivanti Application Control Server Relay Service that helps communicate with Endpoints has been implemented.

This is will start automatically once the Ivanti Application Control backend has been installed and at each server restart.

New "Restrict Log" tab

Replacing the deprecated Debug Info tab on the device details, the new Restrict Log shows all the information pertaining to restrictions on the device in a new, filterable format. Administrators can now easily sort through and search the events that show what as been restricted as part of the policy.

If you have upgraded from 2021.4 to 2022.1, you can still find your Debug Info logs in the ACDatabase, under dbo.DebugInfo , via an sql querry. However, the old data will not be displayed in the console due to new formatting

Support for RedHat Enterprise Linux 7 and CentOS 7Linux

In addition to supporting RedHat Enterprise Linux 8, CentOS 8 and Oracle 8 we have added support for RedHat Enterprise Linux 7 and CentOS 7. Both operating systems are supported for install and upgrade via manifest.

Windows Authentication for Database creation and access

Creation of and access to the AcDatabase, required by Ivanti Application Control for Linux is now achieved via a Windows authenticated account. The account must be created in the SQL Server prior to the installation of Ivanti Application Control for Linux 2022.1 and it requires the ‘dbcreator’ role. For further information, please see the Installation guide.

Please note:

  • We support both Windows Authentication and Sequal Authentication towards MSSQL DB servers

For WINAUTH , the most secure way to implement is against a preconfigured database login. Please note that your database admin needs to configure the login before installing Application Control for Linux 2022.1.

The account needs to be in the format of Domain\BackendName$ and to be a dbcreator.

  • The Application Control Server is now no longer a stand alone executable . This has been ported into IIS and is configured to not only start the main console, but also, with WINAUTH configured, to automatically create the database for Ivanti Application Control for Linux, called AcDatabase.

Bulk registered device import

For 2022.1, we can import bulk registered devices into groups from the Registered Devices list in the console via the Device Groups.

Time zone improvements

Both the device local date and UTC are now stored in the backend for all incoming logs as well as displayed in the database. These are normalized for all logs across Application Control for Linux.

Linux Device information displayed in console

With this release, the name and structure of your Linux Device and the executable files are displayed in the Application Control for Linux console, under Details for device > Device Contents > Executable Files.

Please note that for folders that contain over 20,000 executable files the time to display can be up to 10 minutes. The browser will ask if you want to wait or close the window and we suggest Wait for the page to load.

Improved data collection and display

For Application Control for Linux 2022.1, all of the data stored in the database has been normalized or standardized for display in the console. Those that were formerly not fully displayed for formatting, lengths, special characters and other reasons, are now fully accessible.

Improved information access

On the Home page of the Ivanti Application Control for Linux Console the links to the Ivanti Application Control for Linux Online Help page, The Ivanti Support Portal and the Ivanti Community link have been provided for easier access to information resources.

Some useful logs to look into

Troubleshooting

Related Topics:

Configuration

Maintenance

Installation (opens UWM Help)

Previous Releases