Lumension® Endpoint Management and Security Suite:
Application Control

Key Product Features

Identifies and controls what applications are currently in your IT environment or can be added to your IT environment.
Automatically identifies trusted software that is authorized to run and prevent all other applications from executing – whether they are malicious, untrusted or merely unwanted.
Supports all executables including typical .EXEs, .DLLs, .COMs, etc.

Eliminates unknown or unwanted applications in your network, reducing the risk and cost of malware, and ultimately improving network stability.
Identifies all applications running within the endpoint environment.
Protects against exploits of un-patched OS and 3rd party application vulnerabilities.

Takes an automated "snapshot" of each endpoint, which is used to create a whitelist and begin enforcement of whitelist policies.
Creates a local whitelist immediately and begins enforcement of whitelist policies.

Allows administrators to observe and audit whitelisting policies to ensure business needs and security considerations are achieved before enforcement actions are applied.
Ensures business needs and security considerations are achieved before enforcement actions are applied.

Reduces IT burden in creating and maintaining a whitelist of trusted applications.
Enables IT to identify and assess organizational friction as a result of application policies before they are enforced.

Automates whitelist updates based on trust policies, including:

Trusted Publisher: Enables "on-the-fly" changes to the whitelist when changes are accompanied by a valid and signed certificate by the application provider.
Trusted Updater: Permits automated updates to the whitelist when changes are made by specifically authorized programs.
Trusted Path: Allows the whitelist to be automatically updated as changes are made in the library of known good applications.
Local Authorization: Lets end users make ad hoc changes with accountability and control, by tracking end user change and enabling administrators to reverse the change if necessary.

Allows flexible, trust-based policies to be managed across multiple variables without imposing a laborious manual process as changes are approved automatically and do not require administrator involvement.
Provides IT with the flexibility to apply differing levels of policy enforcement to users/groups based on business need.
Streamlines operational requirements for IT and enhances organizational productivity by automatically enforcing policy.
Helps IT manage and better control change brought about by end users with Local Admin rights.
Integrates with inputs from Lumension and other third party antivirus and patch management products to facilitate automated whitelist updating.
Reduces operational costs around IT help desk costs and the number of machines needing to be re-imaged and improves overall productivity.

Aggregates all data collected by local snapshot scans and provides grouping and filtering options for application policy management.

Supplies a view of every application running in the entire environment.
Allows administrators to group all executables into application and/or application groups.
Allows administrators to create a group called “unwanted apps” and assign a “denied apps” policy.

Provides powerful log analysis and reporting while delivering necessary visibility into endpoint events, including:

Closes the feedback loop between the whitelisting policy and end user actions.
Ensures that the appropriate balance between security and productivity is maintained.
Assists in whitelist maintenance as operational needs change.

Discovered applications in the Application Library can be easily added to a denied application policy and prevented from executing.

Prevents users from installing or running applications that the organization has deemed as unwanted for security, productivity or licensing reasons.

Delivers granular and flexible policy control to accommodate any use-case scenario.
Individual, Group and Global enforcement enables easy management of policy in complex environments.

Enforces whitelist on endpoints, regardless of whether or not they are connected to the network.

Ensures that remote/ disconnected users are constantly protected by keeping a local copy of updated hashes and permissions on each machine.

Integrates with other Lumension product modules on the Lumension® Endpoint Management and Security Suite: Lumension® AntiVirus, Lumension® Application Control and Lumension® Device Control.

Reduces endpoint agent bloat across endpoints and improves endpoint performance with coordinated scans and policy enforcement.
Improves endpoint visibility across antivirus definitions, vulnerabilities, configurations, and device and application policies - for both online and offline machines.
Lumension® Intelligent Whitelisting™ automatically updates hash files for whitelisted applications.