aidarrow-end-inversearrow-endarrow-left-angulararrow-left-angularWhy choose AvectoAchieve complianceOperational efficiencycompliancedefendpoint-coloureddefendpoint-thin-2DesktopScaleResources.iconsAsset 21insider-threatsavecto-logo-smallquotation-marksransomwareArticleUse caseWebinarResources.iconssafePrevent attacksAsset 19social-engineeringTrustedtriangleStop insider attacksAsset 20Resources.iconsResources.iconszero-days

Privilege management

One of Defendpoint's core capabilities

Privilege management

Defendpoint's mature privilege management capability allows you to remove admin rights from all users to stop attackers from exploiting privileges and gaining access to your data.

Working in tandem with application control, this powerful combination makes whitelisting simple - allowing you to assign privileges directly to applications, tasks and scripts to protect the endpoint against attacks that hit the operating system.

We take a policy-based approach so that rules are assigned to different groups of users, depending on the specific needs of your business departments.


  • Mitigate 80% of Critical vulnerabilities reported by Microsoft*
  • Eliminate admin rights from all users without negative impact, including sysadmins
  • Protect the endpoint from insider threats
  • Prevent advanced users having credentials exploited in pass-the-hash attacks
  • Simple to set up, manage and rollout across thousands of users

*Microsoft Vulnerabilities Report 2017

Technical features

  • Target individuals and groups with precise policy rules applied to applications
  • Elevate applications on-demand with optional gated control
  • Works seamlessly with Microsoft User Account Control / mac OS to enhance prompts
  • Wizard-based templates and filter engine ensures clean configuration
  • Handles diverse requirements across Windows and mac OS endpoints

What makes it different?

  • Support for the largest range of applications
  • Discover privileges with unique reasons and insight linked to your reporting dashboards
  • Security assured with in-built anti-tamper, privileged account and process protection, policy certification and content validation
  • Intercept and replace Microsoft User Account Control prompts with highly customized messages

Watch the Defendpoint overview

Achieve least privilege in hours - not months - with Defendpoint from Avecto.

Privilege management makes whitelisting achievable

Defendpoint’s privilege management capability works hand in hand with application control to make whitelisting achievable