Introduction
Ivanti Application Control allows you to quickly identify all applications running in your environment and prevent the installation and execution of any unwanted, untrusted, or malicious applications, without relying on the latest antivirus definitions and vulnerability patches.
How Does Application Control Work?
Application Control prevents malware and zero-day attacks with limited disruption to your organization's productivity. This enables you to establish and maintain a secure environment while also minimizing your administrative workload.
The following are the key principles that drive Application Control:
Application Whitelisting
Manage the applications in your environment by creating and enforcing an endpoint whitelist, which is a list of the executables that are allowed to run on a specified endpoint. You create the initial whitelist using Easy Auditor, which scans the endpoint to compile the list of executables.
Central Application Authorization
After the endpoint scan completes, the list of executables appears in the Application Library so that you can organize them into Applications and Application Groups. You can then authorize the files for additional users or groups, or add the files to a Denied Applications Policy to prevent certain users or groups from executing them.
Change Management Policies
Use policies to manage changes in your applications such as update releases and user requests for new applications.
- Supplement the endpoint whitelist with a Supplemental Easy Lockdown/Auditor policy.
- Update the whitelist automatically with a Trusted Updater to minimize your workload. Updaters install new applications and patch existing applications. They can also update the endpoint whitelist if you have allowed them to make endpoint changes.
- Use Trusted Change policies to allow specific files to execute.
- Implement Local Authorization policies to allow end users to authorize applications themselves. You can still choose to add those files to the whitelist or to the Denied Applications group, overriding the end user's decision.
Endpoint Oversight
You can monitor endpoint activity with Application Event Log Queries and update policies as needed to authorize or deny executables.
Advanced Memory Protection
Application Control includes advanced Memory Protection to defend against memory-based attacks in unpatched systems. Memory-based attacks never touch the host hard drive, so they are undetectable by file-based security systems like antivirus and application whitelisting. The Advanced Memory Protection feature provides extra defense against these prevalent attacks.