aidarrow-end-inversearrow-endarrow-left-angulararrow-left-angularWhy choose AvectoAchieve complianceOperational efficiencycompliancedefendpoint-coloureddefendpoint-thin-2DesktopScaleResources.iconsAsset 21insider-threatsavecto-logo-smallquotation-marksransomwareArticleUse caseWebinarResources.iconssafePrevent attacksAsset 19social-engineeringTrustedtriangleStop insider attacksAsset 20Resources.iconsResources.iconszero-days

Application control

One of Defendpoint's core capabilities

Application control

Defendpoint application control is essential in the prevention of malware. With tightly integrated privilege management capabilities, the days of complex whitelists based on thousands of hash rules are gone.

Set a handful of broad rules based on trusted application types, automatically stopping unapproved applications from running. Intelligent yet simple rules allow you to achieve whitelisting very easily, with unknown applications managed via dynamic exception handling.

Whether it’s application, installation, task or script, Defendpoint allows only trusted activities to run, preventing advanced malware attacks from launching. 


  • Simple to use and manage
  • Block unauthorized applications from running
  • If an attacker can't launch the code, they can't launch the attack
  • Small number of pragmatic rules that trust the build makes whitelisting easy
  • Ensure all users are catered for with dynamic exception handling

Technical features

  • Broad range of supported applications including Windows Store and Apple App Store
  • All downloaded applications are tracked, so that rules are applied whenever the software is executed
  • Automatic approval for advanced users, protected by full audit trails and reports
  • Challenge & response codes facilitate dual authentication
  • Built-in discovery for new applications introduced to the environment

What makes it different?

  • Patented URL tracking and control allows applications to be identified based on download source
  • Access to privileged files can be granted without needing to assign admin rights to user or application
  • Integration with content isolation enables contextual whitelisting rules to be applied in a sandbox environment
  • Simple management interface with pre-built templates and firewall style rules for ease of use

Watch the Defendoint overview

Achieve least privilege in hours - not months - with Defendpoint from Avecto.

Whitelisting made simple

Defendpoint’s application control capability tightly integrates with privilege management.