Application Control Methodology

In this section:

• About File, Macro, and Script Execution Control
• Identifying DLL Dependencies
• Maintaining Application Control

Application Control operates on the basis that software application use is explicitly denied unless previously authorized by an administrator.

Application Control is an operating system software application extension that enforces strict control over which executable files, scripts, and macros can be run. An administrator initially creates, and then maintains, a centralized list of authorized applications that users or user groups are explicitly designated to run. This ensures that only applications that have been previously identified and authorized by a network administrator can be run by users. Any unauthorized software application, known or unknown, cannot run.

You can construct the initial central Application Control authorization list using a combination of tools available in the Management Console including the Authorization Wizard and Scan Explorer templates. However, there are other types of executable files, scripts, and macros that have unique Application Control authorization requirements, including embedded macros, scripts, and Dynamic-Link Library (DLL) executable files.