Introduction to the Application Control

Application Control keeps IT security requirements in balance with user productivity needs, delivering endpoint security through executable, privilege, and browser control. Application Control functionality can deliver increased corporate compliance, improved platform stability and consistency, and significant reductions in both IT support and software licensing costs.

Do you want more information? Go to the main Ivanti Security Controls Help.

Show Me!

A video tutorial is available on how to get started with AC is available on the Ivanti Help You Tube channel here:

Introduction to Application Control (7.22)

Workflow

The table below describes the workflow required to get you up and running with Application Control.

To drill down into further detail, hyperlinks to related topics within the Evaluation Help are provided. If the topic is not covered in the Evaluation Help, the links will take you to the main Security Controls Help, also available from Help.ivanti.com.

1

BUILD A CONFIGURATION

A) Enable Functionality

  • Navigate to New > Application Control Configuration.
  • Select the functionality you want to enable; Executable Control, Privilege Management and Browser Control.

For details, see Creating an AC Configuration

B) Define Rule Collections

You have the option to create a library of Rules, called Rule Collections, these can then be applied to Rule Sets.

  • Navigate to New > Application Control Configuration.
  • Select Rule Collections > Executable Control / Privilege Management

For details, see Rule Collections

C) Configure Rule Sets

Create Rule Sets for Groups, Users, Devices, Scripts or Processes.

  • Navigate to New > Application Control Configuration.
  • Select Rule Sets.

For details, see Rule Sets

D) Add Rule Items

  • Build the configuration by adding Rule Items to the Rule Sets. You can Allow or Deny items such as files, folders and drives. You can apply self-elevation and system controls, prohibit and redirect URLs.

For further details, see:

Executable Control

Privilege Management

Browser Control

2

CREATE AN AGENT POLICY

A) Enable Application Control

  • Navigate to New > Agent Policy.
  • Select the Application Control tab and select Enable Application Control.

B) Create Agent Policy

  • Navigate to New > Agent Policy.

For details, see Create an Agent Policy

C) Assign a Configuration

From the Agent Policy Editor select an existing AC Configuration from the drop-down list. You also have the option to create a new configuration from within the Agent Policy Editor.

3

CREATE A MACHINE GROUP

A) Create and Configure a Machine Group

  • Navigate to New > Machine Group.

For details, see Creating a New Machine Group

B) Add endpoints

Add the machines that you want to be AC managed endpoints to the machine group.

For details, see Configuring a Machine Group

C) Set Credentials

You must set Administrator Credentials for the console machine and each endpoint machine to enable 2-way communication.

For details, see Supplying Credentials for Target Machines
4

DEPLOYMENT

A) Assign Agent Policy

  • Navigate to the required Machine Group.
  • Select the machines you are ready to deploy and select Install/ Reinstall Agents.
  • Select the Policy to assign to the machine from the dropdown.
  • Check all machines you want to deploy.

B) Install Agent

Once the Policy has been selected you need to check all machines you want to deploy.

  • Select the check box for all required machines.
  • Select Install.

The Application Control Agent and Configuration is installed onto all selected endpoints.

For details, see Creating or Editing a Deployment Template