App Control Overview
The App Control Overview page displays charts that give you an overall insight into App Control performance. You can use this data to build and fine-tune your configuration rules.
The charts on this page are populated when you have deployed a configuration. Allow one day to pass for App Control to gather enough data to show in the charts. The data refreshes every hour, outside of the working hours for the regions, for example, between 8pm and 4am. Click into any chart to drill down for further detail.
The page has three sections:
Applications Executed
This section contains the following charts:
Applications executed with untrusted owners (top 5)
The chart shows the top 5 executed applications whose file owner is not trusted and that have been, or would have been, blocked by App Control's Trusted Ownership. Use the drop-down selector to change the chart from Applications to All files. Click on the chart to drill down to see the top 20 applications and more granular detail. The Applications executed with untrusted owners page appears. Each file is listed, together with the number of executions and the number of users attempting execution.
From here you can create an Allow Rule for any of the files that have been executed without trusted ownership.
- In the Actions column, click the icon, then select + Create Rule.
  The Select a Configuration dialog appears.
- From the drop-down, select the configuration that you want to create and add the rule to.
- Click Create Rule.
  The Configuration Allow Rule - What do you want to allow? page appears.
- For instructions on how to create an Allow Rule, refer to Allow/Deny Rule.
Alternatively, you can click on a File to identify which users executed the file, together with the file owner and file path, last execution date and time, and the number of executions. You can then proceed to create an Allow Rule for the selected file by following the steps above.
Applications executed with elevated privileges (top 5)
The chart shows the top 5 applications that have been elevated via the Windows Run as Administrator option. Click on the chart to drill down to see the top 20 applications and more granular detail. The Applications executed with elevated privileges page appears. Each file is listed, together with the number of executions and the number of users attempting execution.
From here you can create an Elevate Rule for any of the items that have been executed with elevated privileges.
- In the Actions column, click the icon, then select + Create Rule.
  The Select a Configuration dialog appears.
- From the drop-down, select the configuration that you want to create and add the rule to.
- Click Create Rule.
  The Configuration Elevate Rule - What do you want to elevate? page appears.
- For instructions on how to create an Elevate Rule, refer to Elevate Rule.
Alternatively, you can click on a File to identify which users executed the file, together with the file owner and file path, last execution date and time, and the number of executions. You can then proceed to create an Elevate Rule for the selected file by following the steps above.
Deployment indicator
The Deployment indicator displays the total number of devices that have been discovered by Ivanti Neurons, and the number of those devices that have an Ivanti Neurons agent installed, an Agent Policy with the App Control capability enabled, and an App Control configuration successfully deployed.
Click on the progress bar to display the Deployment page.
Deployment page
The Deployment page lists all discovered devices, with details of the Device Name, Display Name, IP Address, OS and version, whether the App Control capability is enabled, and the assigned Policy.
If the Has App Control capability column shows a red cross, it means that the device does not have a policy with the App Control capability enabled.
Go to Agents > Agent Policies to create or select a policy and select the App Control capability.
To enable the capability, you need to have an App Control configuration ready to assign to the policy. This configuration can be edited at a later date if need be.
The device receives the new or updated policy when it next checks in. The Has App Control capability column should then show a green tick.
- Click on the Deployment indicator status bar.
  The Deployment page appears.
- Click on a Device Name.
  The Devices > Device Overview page appears.
Learn more about Device details.
- Click on the Deployment indicator status bar.
  The Deployment page appears.
- Click on a Policy Name.
  The Agents > Agent Policies > Agent Policy > Capabilities page appears.
Learn more about Agent Policy Capabilities.
Product Performance
The Product Performance charts provide an insight into your users' application behavior. Click anywhere on a chart to drill down to see user information and more granular detail. The following data is reported on:
Denied Executions over time: This chart shows the number of application executions that have been denied when running App Control with the security level Restricted. The results are based on either trusted ownership or configuration deny rules, for the selected period of time. The default is to show daily denials over the last 30 days. You can customize the time period to the last 7 days, or monthly over the last 3 or 6 months.
Privilege Elevations over time: This chart shows the number of application executions that have been elevated by App Control, based on the configuration elevate rules, for the selected period of time. The default is to show daily elevations over the last 30 days. You can customize the time period to the last 7 days, or monthly over the last 3 or 6 months.
Denied Executions by Vendor: This chart shows the number of application executions, by vendor, that have been denied over the last 30 days, based on either trusted ownership or configuration deny rules.