Overview

After installation, the Application Control Solution lifecycle is represented by the following graphic:

Understanding file discovery

After installing Application Control Solution you must install the File Inventory Agent on managed computers to obtain a list of files discovered on the computers. The File Inventory Agent uses two policies to obtain inventory:

  • Default File Discovery Policy - Create an inventory of applications installed on the managed computer.
  • Default File Inventory Policy - Collect information about specific applications, such as Win32 Executable and Digital Certificate information.

For more information, see File inventory agent configuration.

Understanding application control policies

Use Application Control Policies to apply security policies to applications on managed computers. The policy you create determines how an application can be run and used. Each policy has the following attributes associated to it:

Application action

You can define an action to be applied before an application is run. The default application actions you can apply are:

  • Deny file access
  • Encrypt Application Files
  • Display a User Message when you run an application action
  • Restrict or elevate an application's process rights
  • Quarantine files
  • Run an application in a Software Virtualization Solution layer

Note

For more information, see Application actions. To create a policy with one of these defined application actions, see Creating an Application Control Policy

Application filter

Define the applications that will be associated to the Application Control Policy. For information, see Application Filters.

Note

To create a policy with application filters, see Creating an Application Control Policy