Lumension® Endpoint Management and Security Suite:
Application Control

Compare

Feature

Application Control

AppLocker
 
 

Trust Model Support
Trusted Application
Trusted Publisher
Trusted Path
Trusted Path with File Ownership Checking
Trusted Updater
Software Demo: Automating Whitelist Management
AppLocker does not directly support a Trusted Updater model. For deployment of new applications AppLocker rules would have to manually be updated by the administrator.
 

Implementation
Whitelisting
Blacklisting
Software Demo: Eliminating Unwanted Applications
Application Execution Control
Application Auditing (Logging mode)
Software Demo: Getting Application Visibility
OS Service and User Application Control
AppLocker is designed for the control of user applications and is not designed for system service control.
Rapid Policy Propagation
For the GPO policy to be refreshed a logon must occur, gpudate must be run or the configured refresh interval must elapse (default 90 minutes)..
Simple Deployment to Existing Systems
AppLocker provides limited ability to 'Automatically Generate Rules' on a given system. With AppLocker this process would have to be repeated on each and every endpoint to generate a lockdown rule set for its existing current state. This lockdown rule set would then have to be implemented on the AD server if centralized policy management was desired. This process could be administratively burdensome to some organizations.
Easy Lockdown
Software Demo: Simplifying Whitelist Creation
Easy Auditor
 

Management
Optimized Central Management Console
A single dedicated security console encompassing policy management, logging and reporting does not exist. AppLocker is managed through standard GPO management techniques (gpmc.msc) for domain policies. (Secpol.msc may be used for local machine policy management.)
Centrally Managed Endpoint Application Scans
In theory AppLocker .xml policy sets from a central location could be developed by the enterprise through custom written scripts that utilize the Powershell.
Customizable user notifications
Notification is fully customizable including text and logo.
Allows partial customization of user messages such as reference URL in user message.
 

Auditing, Logging and Reporting
Simple Administrator Auditing
Auditing through standard Windows techniques, still utilize third party tools to simplify the auditing process.
Centralized User Activity Logging
AppLocker does not provide centralized event logging by default as events are collected locally and viewed with the Event Viewer.
Centralized Reporting
Software Inventory
Through LEMSS Vulnerability Management.
Not automated or centralized but accomplished through the use of Powershell cmdlets.
 

Integration
Integration with Active Directory
Integrated Antivirus
Integrated Vulnerability Management
Integrated Process Workflow
 

Security
Kernel-level driver
 

Executable Support
User Executables (.exe, .com)
Run time loaded files  (.dll, .ocx)
Installers (.msi, .msp)
System Executables (.sys ,drv .cpl, scr)
AppLocker documents the coverage of installers( .msi, .msp), scripts, executables (.exe) and run time loaded .dlls and ocx only as noted in http://technet.microsoft.com/en-us/library/ee619725(WS.10).aspx#BKMK. Certain other executable types such as .scr may be controlled by file hash but not all other system executable types.
 

OS Support
Windows 7 Ultimate and  Enterprise
Windows 2008 Server R2
Windows 7 Professional
Windows Vista
Windows XP
Windows 2003 Server


Footnote:

This information was developed by Lumension and is presented for educational and information purposes only. The above data reflects research done by Lumension in 2010 and 2011, using publically available information and resources. While Lumension tries to be fair and accurate in its comparative assessments, the capabilities of compared products and services can and do frequently change, and comparisons of this type are by nature unavoidably subjective. The reader is advised to independently verify information with each developer to ensure up-to-date accuracy and to specifically validate those characteristics that are most important to the reader.

Legend

- Fully Supported

- Partially Supported

- Not Supported

Roll over any item with a green star* to get additional comparative details.