Product Overview

In this section:


Application Control main feature set includes:

  • Application Access Control
  • Application Network Access Control
  • Privilege Management

You can turn off any of these parts of functionality if they are not required. For example, you may not want to use Application Network Access Control.

To enable or disable certain Application Control functionality:

  1. In the Manage ribbon, Click Advanced Settings.

    The Policy Settings tab is displayed.

  2. In the Functionality region, select to enable or deselect to disable one or more of the following Application Control functionalities:
    • Application Access Control
    • Application Network Access Control
    • Privilege Management

    All the functionality options are selected by default.

  3. Click OK.


Application Control provides the following key features for application control:


The key benefits of using Application Control are:

  • Reduces risk and helps achieve compliance by protecting against ransomware, targeted attacks, zero-day exploits, advanced persistent threats and malicious code that tries to execute in your environment.

  • Provides granular privilege management enabling you to implement 'least privilege' access and eliminate local admin accounts while still giving users the privileges that they need to do their job. The privilege level of a user, group or role can be elevated or reduced on a per application and Windows component basis.

  • Allows you to manage application access and user privileges across your desktop and server estate with low administration overhead through the use of an extensive and flexible rules engine. Ivanti, Inc. Application Control can protect systems without the need for complex lists or constant management.

  • Delivers security without impacting productivity with minimal performance impact to end users. On-Demand change requests enables end users to ask for emergency privilege elevation or application access in situations where productivity is affected.

  • Enforces Microsoft per-device licensing. By controlling which users or devices have permission to run named applications, limits can be placed on the number of application instances, which devices or users can run the application, the timing of when users run a program and for how long.

  • Provides the ability to control outbound network connections by IP Address, Host Name, URL, UNC or Port, based on the outcome of the rules processing, to prevent access to insecure network resources.

  • Control network access from within applications, based on location.

Related topics