One of the best ways to protect endpoints from malware is with application blocking. When this is enabled, only white-listed applications can run. Application blocking is managed through agent settings. Consider creating a separate agent setting for devices that need application blocking, since you may not want to block applications on servers, for example.
If you don't want all devices to block the same applications, you can create custom blocked application groups. For example, perhaps one department needs one set of applications blocked, and a different department needs a different set of applications blocked.
For detailed information and a video covering these scenarios, visit the Ivanti Community:
- How to use Application Blocking in LDMS Patch and Compliance Manager
- The Definitive Guide to Ivanti Endpoint Security
- Video--Blocking Applications
To enable application blocking in agent settings
- Click Tools > Configuration > Agent settings > Distribution and Patch. Create a new agent setting there or edit an existing one.
- Click Patch-only settings > Scan options. Select the Blocked applications option.
- Click Save.
To configure blocked applications
- Click Tools > Security and compliance > Patch and compliance.
- On the toolbar, switch to the Blocked applications view.
- If you haven't already, update the blocked applications list. Click the Download updates toolbar button. Click Windows > Security and select Applications to block. Click Download now.
- Once the applications to block list finishes downloading, in the Blocked applications tree click Unassigned to see the list of blockable applications.
- Select the applications you want to block in the Unassigned list and move them to the Block tree.
- The selected applications will now be blocked on devices.
Changes to the Block tree take effect on managed devices the next time the vulnerability scanner runs.