What's new in Application Control?

2022.1

In addition to code enhancements and bug fixes the following features are included:

Windows 11 and Server 2022 OS Conditions

2022.1 includes Operating System conditional support for both Windows 11 and Server 2022. Please refer to the following documents for further information on our Windows version support:

UWM Windows 10 and Server OS Support Statement

UWM Windows 11 Support Statement

Extended Policy Change Request feature to integrate with ServiceNow

In addition to the 2021.3 release, including the ability to integrate the Policy Change Request feature with Ivanti Neurons for ITSM, 2022.1 adds extends this capability to integrate with ServiceNow. This means that Administrators can configure the capability for users to create a record in their ServiceNow instance to request alterations to the policy currently affecting the users’ ServiceNow workspace.

Refer to Policy Change Requests for further general information and see Policy Change Requests - ServiceNow Integration for specific information.

Standardize Delimiters for ExProcessName and DriverHookEx Custom Settings

The ExProcessName and DriverHookEx custom settings have, in the past accepted different delimiters for lists of filenames/applications. This release sees them standardised to both accept semi-colons as the delimiter. For backwards-compatability, ExProcessName will continue to accept spaces.

Refer to Advanced Settings - Available Custom Settings for further information.

Privilege Discovery Event for Windows Control Panel Components

A new event ID – 9064 has been added to track executable-based Windows Components specifically, rather than tracking them in the 9062 events. These are visible in the Event Viewer and a new view exists to display these specifically, it is called ‘Privilege Discovery (Windows Components)’. Please note, non-executable-based Windows components cannot be tracked with this event type.

Refer to Event Viewer for further information.

Improved Handling of AC PowerShell with -command

2021.3 Hotfix 1 addressed a defect – 87234 (PowerShell script incorrectly denied). It prevented ps1 files from being executed if they had the -command included as this could be used to circumvent the intended behaviour of Application Control. It has subsequently been noted that when running a ps1 file from Explorer, the -command is used to prompt the user that they are running an unsigned file which might be dangerous. The fix we implemented undermined this behaviour so with the 2022.1 release we have added an additional option in the advanced settings dialogue. This enables the user to toggle strict -command checking. For new configurations, this setting will be on by default. For existing configurations, the setting will be off (to preserve existing behaviour). Customer upgrading from 2021.3 HF1 should check their configuration to ensure everything is as expected.

Refer to Advanced Settings for further information.

Improvements to Advanced/ Removable Media handling

Customers have reported that the option under Advanced Settings regarding removable media is not clear. To clarify this, the setting that was known as ‘Deny files on removable media’ has been renamed to ‘Use Signature Rules only to allow files on removable media’. In addition, when this option is disabled, the owner of the file being executed on removable media will be ignored and the request will not be trusted. An explicit rule allowing an untrusted file is required in the configuration to execute from removable media. See the documentation for more details.

Refer to Advanced Settings

Previous Versions