Security Controls

Application Control Overview


The Application Control features available in Security Controls include:

Executable Control

Privilege Management

Browser Control

You can choose which features you want to use. For information on enabling or disabling certain Application Control features, see Application Control Configuration Settings


The benefits of using Application Control are:

Reduces risk and helps achieve compliance by protecting against ransomware, targeted attacks, zero-day exploits, advanced persistent threats and malicious code that tries to execute in your environment.

Provides granular privilege management enabling you to implement 'least privilege' access and eliminate local admin accounts while still giving users the privileges that they need to do their job. The privilege level of a user, group or role can be elevated or reduced on a per application and Windows component basis.

Allows you to manage application access and privilege management across your desktop and server estate with low administration overhead through the use of an extensive and flexible rules engine. Ivanti Application Control can protect systems without the need for complex lists or constant management.

Delivers security without impacting productivity with minimal performance impact to end users. On-Demand change requests enables end users to ask for emergency privilege elevation or application access in situations where productivity is affected.

Enforces Microsoft per-device licensing. By controlling which users or devices have permission to run named applications, limits can be placed on the number of application instances, which devices or users can run the application, the timing of when users run a program and for how long.

Provides the ability to control outbound network connections by IP Address, Host Name, URL, UNC or Port, based on the outcome of the rules processing, to prevent access to insecure network resources.


The Application Control features are set up and saved in a configuration. The configuration is then assigned to an agent policy. The agent policy is assigned to an agent for deployment to managed endpoints. Use the Configuration Editor to define Configuration Settings, Rule Collections, and Rule Sets.

Application Control Configurations can be exported - select the configuration in the Application Control Configurations Navigation pane, right-click and select Export.
To import a previously exported configuration, or an Ivanti Application Control configuration, select the Import menu > Application Control Configuration. The file type can be *.acconfig or *.aamp.

For further information on importing the Application Control configuration please see this Knowledge Article on the Ivanti Community.

The Application Control workflow is as follows:

Related Topics

About Executable Control

Privilege Management

About Browser Control

Application Control Configuration Settings

Enabling Application Control

Activating Security Controls

Was this article useful?