Application control
Application control is an optional setting for
Windows
and Linux
devices that allows users to restrict any changes to executables on the device. Only applications that are on the device before application control is enabled are allowed to execute. Typically, application control is used for fixed function devices that are not changed after it's set up (for example, point-of-sale devices). When application control is enabled, attempts to add applications and make changes to applications on the device are denied. This means that applications cannot be downloaded from web browsers or copied from another device or computer (such as an external or shared drive).
The main objectives of application control are:
- Deny the execution of executable files from remote or external drives.
- Deny the creation of new executables on the local drive.
- Deny changes to existing files on the local drive.
Consider the following when using application control:
- TheCylancePROTECT DesktopandCylanceOPTICSagent update process is disabled when application control is enabled.
- You cannot remove theCylancePROTECT DesktopandCylanceOPTICSagents when application control is enabled.
- It is not recommended to runCylanceOPTICSon systems that use application control. When application control is enabled,CylanceOPTICSdoes not function properly due to the restrictive nature of application control.
- All executable files on remote or external drives are denied from executing when application control is enabled. To prevent production outages or excessive network activity, application control does not monitor file transfers to remote or external drives.
Application control settings
Option | Description |
---|---|
Application Control | This setting specifies whether to enable application control. When you enable application control, the following recommended settings will be automatically applied:
If you want to change any of these settings, clear the selection from the specified tabs. |
Change Window | When enabled, this setting temporarily disables application control to allow editing and running new applications or to perform updates, including updating the agent. After performing the necessary changes, clear this check box to close the change window and re-enable application control. When you use this setting to temporarily disable application control, changes such as folder exclusions are retained. If you disable the Application Control setting, the settings are reset to default. |
Folder Exclusions (includes subfolders) | This setting specifies an absolute path of folders that are allowed to make application changes and additions when application control is enabled. This setting applies to devices running Windows agent 1410 or later.Example: C:\Program Files\Microsoft SQL Server Folder exclusions are only available for local internal drives. Exclusions for removable or remote drives are not supported. |
Viewing application control activity
You can find the application control activity of a device from its
Device Details
page in the Threats & Activities
section.