Application control Skip Navigation

Application control

Application control is an optional setting that allows users to restrict any changes to executables on the device. Only applications that are on the device before application control is enabled are allowed to execute. Trying to add new applications or changing an existing application on the device will be denied.
The main objectives of application control are:
  • Deny execution of executable files from remote or external drives.
  • Deny creation of new executables on the local drive. See Using the Linux agent with application control for differences in the Linux agent.
  • Deny changes to existing files on the local drive.
  • Application control is typically used for fixed function devices that are not changed after setup (example: point-of-sale machines).
  • Application control is available for Windows and Linux systems. Application control is not supported by the macOS agent.
  • The
    CylancePROTECT Desktop
    and
    CylanceOPTICS
    agent update process is disabled when application control is enabled.
  • Trying to remove the
    CylancePROTECT Desktop
    or
    CylanceOPTICS
    agent will fail when application control is enabled.
  • It is not recommended to run
    CylanceOPTICS
    on systems using application control. When application control is enabled,
    CylanceOPTICS
    will not function properly due to the restrictive nature of application control.
To view application control activity, users can sign in to the console and click any device that is in a device policy with application control enabled. The Device Details page lists all actions relevant to application control under the Threats & Activities section.
  • For Linux operating systems, application control uses the inventory system and only files in the inventory can execute. application control for Linux does not prevent a file from being created but does prevent inventoried files from being modified.
  • If application control is enabled, functionality for
    CylanceOPTICS
    will fail.
Option
Description
Application Control
When you enable application control, the following recommended settings will be automatically applied:
  • Auto-quarantine with execution control will be selected for both unsafe and abnormal files on the File Actions tab.
  • Memory protection will be selected on the Memory Actions tab.
  • All memory protection violation types will be set to terminate on the Memory Actions tab.
  • Watch for new files will be selected on the Protection Settings tab.
To change any of these settings, go to the specified tab and clear the selected option.
Change Window
Temporarily disables application control (when set to open) to allow editing and running new applications or to perform updates. This includes updating the agent. After performing the necessary changes, clear the Change Window check box to set it to closed.
Using the Change Window retains any changes made to the application control settings. Turning application control OFF and then back ON resets the Application Control settings back to default.
Folder Exclusions (Including Subfolders)
Specifies an absolute path to allow application changes and additions to the specified folders while application control is enabled (requires agent 1410 and higher).