Main Features of Ivanti Application Control

The main features of Ivanti Application Control include managed policies, trust mechanisms, memory protection, the Application Library, and event log queries.

Managed Policies

  • Easy Auditor - scans endpoints and creates whitelists of installed applications; records execution of non-whitelisted applications.
  • Easy Lockdown - scans endpoints and creates whitelists of installed applications; blocks non-whitelisted applications from installing or running.
  • Supplemental Easy Lockdown/Auditor - adds applications to an endpoint's whitelist after Easy Auditor or Easy Lockdown has been applied.
  • Denied Applications - creates a centralized blacklist of applications that are not allowed to run.

Trust Mechanisms

  • Trusted Updater - automatically adds files to an endpoint's whitelist of permitted applications.
  • Trusted Publisher - allows executable files with a digital certificate from a trusted source to run.
  • Trusted Path - allows executable files in a specified file system path to run.
  • Local Authorization - allows specified users to authorize applications that are not otherwise authorized.

Memory Protection

  • Memory Injection Policies monitor running processes for reflective memory injection, where external (possibly malicious) code is executed within an authorized process.
  • Policies can run in Audit mode, or can exclude known-good files that use memory injection as part of their normal operation.

Application Library

  • Organizes executable files into relevant applications and application groups.
  • Helps assign policies to files, applications, and application groups.

Event Log Queries

  • Predefined query types can be run against specified endpoints or groups.
  • Logs provide information to shape effective application control policies.