Overview

The Application Control Solution lifecycle is represented by the following graphic:

File discovery

After installing Application Control Solution, you must install the File Inventory Agent on managed computers. Installing the File Inventory Agent lets you obtain a list of files that were discovered on the computers. The File Inventory Agent uses two policies to obtain inventory:

  • Default File Discovery Policy - Creates an inventory of applications that are installed on the managed computer.
  • Default File Inventory Policy - Collects information about specific applications, such as Win32 Executable and Digital Certificate information.

Application Control policies

You can use Application Control Policies to apply security policies to the applications on managed computers. The policy you create determines how an application runs and is used. Each policy has the following attributes associated to it:

  • Application Actions
  • Application Filters

Application action

You can define an action that is applied before an application is run. You can apply the following default application actions:

  • Application Metering.
  • Deny File Access.
  • Encrypt Application Files.
  • Messages: Display a user message when you run an application action.
  • Process Rights: Restrict or elevate an application's process rights.
  • Quarantine: Allows you to quarantine files.
  • SVS Layers: Run an application in a Software Virtualization Solution layer.

Note

For more information, see Application Actions. To create a policy with one of these defined application actions, see Creating an Application Control policy.

Application filters

You can define the applications that are associated with the Application Control Policy. For information, see Application filters summary.

Note

To create a policy with application filters, see Creating an Application Control policy.