How Do I . . .?: Start Using Application Control

Show Me!

A video tutorial is available on this topic. To access the video, click the following link:

Introduction to Application Control (7.22)

Overview Information

To start using the Application Control functionality follow the steps below:


Build a Configuration

A) Enable Functionality

Navigate to New > Application Control Configuration.

Select the functionality you want to enable, Executable Control, Privilege Management and Browser Control.

For details, see Application Control Configuration Settings

B) Define Rule Collections

You have the option to create a library of Rules, called Rule Collections, these can then be applied to Rule Sets.

Navigate to New > Application Control Configuration.

Select Rule Collections > Add Rule Collection

For details, see Rule Collections

C) Configure Rule Sets

Create Rule Sets for Groups, Users, Devices, Scripts or Processes.

Navigate to New > Application Control Configuration.

Select Rule Sets.

For details, see Rule Sets

D) Add Rule Items

Build the configuration by adding Rule Items to the Rule Sets. You can Allow or Deny items such as files, folders and drives. You can apply self-elevation and system controls, prohibit and redirect URLs.

For further details, see:

Rule Set Executable Control

Rule Set Privileges Management

Rule Set Browser Control


Create an Agent Policy

A) Enable Application Control

Navigate to New > Agent Policy.

Select the Application Control tab and select Enable Application Control.

B) Create Agent Policy

Navigate to New > Agent Policy.

For details, see Creating a New Security Controls Agent Policy

C) Assign a Configuration

From the Agent Policy Editor select which Configuration to use for Application Control from those available in the dropdown. You have the option to select to create a new configuration from within the Agent Policy Editor.


Create a Machine Group

A) Create and Configure a Machine Group

Navigate to New > Machine Group.

For details, see Creating a New Machine Group,

B) Add endpoints

Add the machines that you want to be AC managed endpoints to the machine group.

For details, see Configuring a Machine Group,

C) Set Credentials

You must set Administrator Credentials for the console machine and each endpoint machine to enable 2-way communication.

For details, see Supplying Credentials for Target Machines



A) Assign Agent Policy

Navigate to the required Machine Group.

Select the machines you are ready to deploy and select Install/ Reinstall Agents.

Select the Policy to assign to the machine from the dropdown.

Check all machines you want to deploy.

B) Install Agent

Once the Policy has been selected you need to check all machines you want to deploy.

Select the check box for all required machines.

Select Install.

The Application Control Agent and Configuration is installed onto all selected endpoints.

For details, see Creating or Editing a Deployment Template