Security Controls Evaluation Guide

Home 

Why use Executable Control?

Issue: You're rolling out application control into an enterprise environment where users have already been using their endpoints without any controls for an extended period. While a lot of software will have been installed by IT, the users have installed their own applications or utilities which they downloaded from the Internet. If the admin puts these endpoints into restricted mode, these applications will get blocked and users will be unhappy.

Solution: The admin puts endpoints into audit mode and reviews the event viewer daily to identify applications which should be allowed and adds these to a rule collection/allowed rule so that when endpoints are put into restricted mode, these applications won’t be blocked.

Issue: The administrator is reviewing the allowed application events for his test group and identifies some applications which don’t align with corporate policy.

Solution: The administrator adds these applications to a denied rule.

Your next step

See how to add items to a rule collection

See how to add items to an allowed rule

See how to add items to a denied rule

Find out about Security Levels

Read how to manage, retrieve and use Events


Was this article useful?