How Ivanti Application Control Works
An administrator usually begins the Ivanti Application Control process by removing any malware from a select group of endpoints and applying an Easy Auditor policy. This is followed by an evaluation period when trusted change policies can be defined, applied, and monitored. When conditions are right, an Easy Lockdown policy is applied, which restricts the installation of new applications to those permitted by trust mechanisms.
Clean Endpoints With AntiVirus
Clean: Scan endpoints for malware with Ivanti AntiVirus or another antivirus program.
Apply Easy Auditor
Discover: Apply Easy Auditor to selected endpoints, with logging enabled. This builds a whitelist of existing application files without blocking new applications or updates to existing ones. These files are also added to Application Library where they can be organized into applications and application groups.
Apply Trusted Change Policies
Define: Create and apply trusted change policies (Trusted Publisher, Trusted Updater, Trusted Path). Usage logs will now record changes that were authorized by these trusted change mechanisms.
Monitor Application Control Behavior
Monitor: Review application control logs daily to see which applications would be blocked if enforcement were enabled. Adjust trust policies and use Local Authorization if needed in the transition to lockdown.
Apply Easy Lockdown
Enforce: Applying Easy Lockdown creates a new whitelist of installed applications and blocks the installation or upgrading of applications, except for those specified by trusted change policies.
Important: Easy Lockdown is a crucial phase in application control and should only be applied when you are confident that it will not adversely affect endpoints or users.
Maintain Application Control Policies
Manage: Continue monitoring the network and maintaining trusted change and Supplemental Easy Lockdown/Auditor policies that keep all required software running and up to date. This approach reduces the administrative overhead in maintaining application control.