Using Tools, Application Control
The Tools module consists of administrative tools for administrators to manage database information.
Details of the individual tools are provided in a separate section of the help at Tools.
The Tools module consists of a collection of administrative tools for performing Ivanti Device and Application Control application user, file group, file authorization and database administration actions.
User administrative actions include:
- Defining global system options.
- Defining Ivanti Device and Application Control administrators.
- Authorizing administrative users to disable Application Control using endpoint maintenance tickets.
File authorization administrative actions include:
- Authorizing file use with path rules.
- Controlling the malicious spread of locally authorized files using a spread check tool.
- Exporting lists of authorized files to Ivanti Device and Application Control clients.
- Distributing file authorization updates to client computers.
Database administrative actions include:
- Managing the information retained in the Ivanti Device and Application Control database with a database cleanup tool.
- Adding computers to an existing workgroup by synchronizing domain information.
- Synchronizing Domains
You must regularly synchronize individual computers and Windows domain users with the domain controller to maintain accurate database user and domain information.
- Database Clean Up
You can use the Database Maintenance tool to remove obsolete database records that use storage capacity.
- Defining User Access
The Management Console can only be accessed by authorized network administrators.
- Defining Default Options
- Managing Path Rules
For some applications, Application Control based on file signatures does not work. Ivanti Device and Application Control allows you to authorize executable files to run from a specified file path, without checking for authorization from a central listing.
- Defining Spread Check
Ivanti Device and Application Control provides a spread check tool to prevent the malicious spread of locally authorized files.
- Sending Permissions and File Authorization Updates to Computers
You must send file authorization changes to servers and computers protected by Application Control.
- Exporting Permissions and File Authorization Settings
You can export file authorization settings lists to a target computer.
- Working with Endpoint Maintenance
The Endpoint Maintenance feature generates an endpoint maintenance ticket that provides provisional permission to modify, repair, or remove the client, registry keys, or special directories. The endpoint maintenance ticket is then sent to a specific computer or user.
- CPA Compliance Mode Configuration Window
Use this window to configure all endpoints assigned Application Control policies to meet the UK CESG's Computer Product Assurance (CPA) compliance requirements for Endpoint Lockdown and Control.