top of page

WHITELISTING & BLACKLISTING MADE EASY WITH IVANTI APPLICATION CONTROL


Did you know that 81% of CIOs ranked endpoint security as their top spending priority?


Hackers almost exclusively target the endpoint for ransomware attacks because end users can easily be fooled with phishing attacks fueled by social engineering.

This is where Ivanti Application Control (AC) can come in to save your environment from being plagued with malware and ransomware. With features such as Application Access Control (AAC), Application Network Access Control (ANAC), Privilege Management, and Browser Control AC can improve your security posture quickly.

Application Control makes the whitelisting and blacklisting process simpler than ever with a feature called Trusted Ownership.

Trusted Ownership uses a kernel-level driver along with Microsoft’s built-in NTFS permissions to automatically allow all applications owned by one of the “Trusted Owners” to run without having to configure any rules. By default, Application Control has the following accounts set as “Trusted Owners”:


  • NT AUTHORITY\SYSTEM

  • BUILTIN\Administrators

  • %ComputerName%\Administrators

  • NT SERVICE\TrustedInstaller



This means that straight out of the box, everything installed by Microsoft is automatically whitelisted. To add to the simplicity of allowing applications to run, we can add any service account used to push application installations to the endpoint, whether it be an Administrator, or an SCCM or any other third-party installation account.


With Application Control we can ensure that only IT-approved applications are allowed to execute. If a user tries to open an unapproved or untrusted application, they will get an error with a warning that you configure.



Worried about Application Control being pushed to your endpoints and causing headaches until it is configured completely?


AC has a great feature to allow the agents to be pushed in an “Audit Only” mode.

In this mode, the agent sits silently on the endpoint, only reporting on what would be blocked if in a more restrictive mode and reporting back to the Management Server. This will allow visibility into what is being run on your endpoints that may have been installed by the end user themselves and build out a complete list before restricting the configuration. This in turn will allow you to have an almost unnoticeable transition to locking down the endpoints.



Struggling with applications that update frequently such as meeting software?

Application Control has you covered. With the Trusted Vendor feature, we can trust a vendor’s certificate instead of painstakingly adding all of the executables and DLLs for each application every time it is updated.


Interested in learning more?

Check out our YouTube playlist on Ivanti UWM to learn essential knowledge around the best practices for setup and configuration of AC in your environment.



Comments


Commenting has been turned off.
bottom of page