App Control Overview

The App Control Overview page displays charts for you to gain an overall insight in to the App Control performance. You can use this data to build and fine tune your configuration rules.

The charts on this page are populated when you have deployed a configuration. Allow one day to pass for App Control to gather enough data to show in the charts. The data refreshes every hour, outside of the working hours for the regions, for example, between 8pm and 4am. Click into any chart to drill down for further detail.

The page has three sections:

Applications Executed

This charts section contains the following:

Applications executed with untrusted owners (top 5)

The chart shows the top 5 applications that have been executed whose file owner is not trusted and has been, or would have been, blocked by App Control's Trusted Ownership. Use the drop-down selector to change the chart data from Applications to All files, and the time range drop-down selector to change the time period of the application capture, select from the last day (from 00:00 previous day), 3 days, 7 days, 14 days and the default of the last 30 days. Click on the chart to drill down to see the top 20 applications and more granular detail. The Applications executed with untrusted owners page appears. The file is listed, together with the number of executions and the number of users attempting execution. If you have changed the time period it persists through the drill down.

On the Applications executed with untrusted owners page, you have the following actions:

  • Create Rule: Select the files for which you want to create an Allow Rule. Click Actions > Create Rule. Follow the steps in Create an Allow Rule for any of the files that have been executed without trusted ownership.
  • Hide: Select an item to hide from the results. Click Actions > Hide. You may want to hide files/applications from the list that you have already included in a rule.
  • Unhide: Select the Show Hidden Files/Applications check box, the Hidden column displays in the table and all hidden files/applications are shown. Select the items you want to unhide, click Actions > Unhide.
  • File Name drill-down: Click on a File Name to see further file details, such as information to identify which users executed the file, together with the file owner and file path, last execution date and time, and the number of executions.
    Select the files for which you want to create an Allow Rule. Click Actions > Create Rule. Follow the steps in Create an Allow Rule for any of the files that have been executed without trusted ownership.
  • File Name expand: Click the right arrow iconicon next to a file to expand the file information to see the product versions, parent processes, file paths, product and company names, number of users and number of executions.
    Select the Parent Processes for which you want to create an Allow Rule. Click Actions > Create Rule. Follow the steps in Create an Allow Rule for any of the files that have been executed without trusted ownership.. The selected Parent Process is populated in the When stage of the rule creation.

Applications executed with elevated privileges (top 5)

The chart shows the top 5 applications that have been elevated via the Windows Run as Administrator option. Use the drop-down selector to change the time period of the application capture, select from the last day (from 00:00 previous day), 3 days, 7 days, 14 days and the default of the last 30 days. Click on the chart to drill down to see the top 20 applications and more granular detail. The Applications executed with elevated privileges page appears. The file is listed, together with the number of executions and the number of users attempting execution. If you have changed the time period it persists through the drill down.

On the Applications executed with elevated privileges page, you have the following actions:

  • File Name drill-down: Click on a File Name to see further file details, such as information to identify which users executed the file, together with the file owner and file path, last execution date and time, and the number of executions.
    Select the files for which you want to create an Elevate Rule. Click Actions > Create Rule. Follow the steps in Create an Elevate Rule for any of the items that have been executed with elevated privileges.
  • File Name expand: Click the right arrow iconicon next to a file to expand the file information to see the product versions, parent processes, file paths, product and company names, number of users and number of executions.
    Select the Parent Processes for which you want to create an Elevate Rule. Click Actions > Create Rule. Follow the steps in Create an Elevate Rule for any of the items that have been executed with elevated privileges.. The selected Parent Process is populated in the When stage of the rule creation.

Deployment indicator

The Deployment indicator displays the total number of devices that have been discovered by Ivanti Neurons and the number of those that have an Ivanti Neurons agent installed, with an Agent Policy which has the App Control Capability enabled, and an App Control configuration successfully deployed.

Click on the progress bar to display the Deployment page.

Deployment page

The Deployment page lists all discovered devices, with details of the Device Name, Display Name, IP Address, OS and version, whether the App Control capability is enabled, and the assigned Policy.

Product Performance

The Product Performance charts provide an insight into your users application behavior. Click anywhere on a chart to drill-down to see user information and more granular detail. The following charts are available:

Denied Executions over time

This chart shows the number of application executions that have been denied when running App Control with the security level Restricted. The results are based on either trusted ownership or configuration deny rules, for the selected period of time. The default is to show daily denials over the last 30 days, you can customize the time period to the last 7 days, or monthly over the last 3 or 6 months.

Denied Executions by vendor

This chart shows the number of application executions by vendor that have been denied over the last 30 days, either based on trusted ownership or configuration deny rules.

Privilege Elevations over time

This chart shows the number of application executions that have been elevated by App Control, based on the configuration elevate rules, for the selected period of time. The default is to show daily elevations over the last 30 days, you can customize the time period to the last 7 days, or monthly over the last 3 or 6 months.

Self-elevations over time

This chart shows the number of application executions that have been elevated based on the configuration self-elevate rules, for the selected period of time. The default is to show daily elevations over the last 30 days, you can customize the time period to the last 7 days, or monthly over the last 3 or 6 months.