Application Control at a Glance
Ivanti Application Control is a module that allows an administrator to authorize or block applications running on a network.
Benefits
- Uses application whitelisting, a security approach that allows only authorized applications to run.
- Blocks applications that are regarded as dangerous, unnecessary, or unproductive.
- Automates the process of maintaining and updating the authorized applications.
- Provides another layer of the defense in depth afforded by Ivanti Endpoint Security.
- Gives administrators complete visibility into all applications currently residing on network endpoints.
- Automatically blocks zero-day attacks, without waiting for the latest anti-virus definitions and patches.
- Provides continuous protection against reflective memory injection attacks.
Key Terms
Application Control: An Ivanti Endpoint Security module that helps prevent the execution of malicious code and unwanted, unproductive software on a network. This module uses a security approach called application whitelisting, which allows only authorized applications to run on endpoints such as laptops, desktops, servers, and other IT resources.
application whitelisting: The security approach used by Ivanti Application Control to prevent the execution of malicious code and unwanted software by only allowing authorized applications to run. Such applications are either on an endpoint whitelist or permitted by a trust mechanism.
Easy Auditor: A managed policy that scans an endpoint and authorizes the applications it finds by creating a whitelist of those applications. It does not block other applications from subsequently installing or running, but it also does not add these later applications to the whitelist.
Easy Lockdown: A managed policy that scans an endpoint and authorizes the applications it finds by creating a whitelist of those applications. It blocks other applications from subsequently installing or running, thereby enforcing application control.
Trusted Change policy: Any of the four policies that use the concept of trusted change to manage and authorize applications that are not on an endpoint’s whitelist. These policies include Trusted Updater, Trusted Publisher, Trusted Path, and Local Authorization.
Managed Policy: An application control policy that creates or supplements a whitelist of authorized applications, or a blacklist of blocked applications. These policies include Easy Auditor, Easy Lockdown, Supplemental Easy Lockdown/Auditor, and Denied Applications.
Application Library: A central area for managing all applications and executable files under application control. The Application Library is populated when an application scan is performed during Easy Auditor or Easy Lockdown. The administrator can then organize the executable files into applications and application groups.
application control log: A log that records Ivanti Application Control events for a given set of endpoints. These events include applications being allowed to run or being blocked by specific Ivanti Application Control policies. The application control log is an important tool for introducing, implementing, and maintaining application control in the enterprise.
blacklist: A centralized list of executable files (stored in the form of hash values) that are forbidden to run on endpoints under application control.
Reflective Memory Injection: A technique for executing external code within an authorized process, bypassing an endpoint’s whitelist enforcement mechanism. This is sometimes (though not always) the result of a malware attack.
Memory Injection Policy: An Application Control policy that monitors running processes for reflective memory injection. It can be configured to audit and/or stop a process when memory injection is detected.