To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Application Control 2.0

TeemuM W/ Alumni Posts: 3 Security Scout

We are soon launching Application Control 2.0 for Windows clients with Computer Protection Premium subscription. It prevents execution and installation of applications, and prevents them from running scripts.


Application Control mitigates the risks posed by malicious, illegal, and unauthorized software in the corporate environment. It provides:

  • Security: Pre-configured security rules designed by F-Secure penetration testers, which cover attack vectors used to breach into corporate environments (part of initial launch).
  • Policy Enforcement: The administrator can define what applications are blocked, allowed, or monitored, based on a simple rule editor (to be launched in the weeks following the initial launch)
  • Application Inventory: The administrator can get a comprehensive view of what apps are running on specific devices or in a company (planned to be launched a few months from the initial release)


The policies can be edited in the Profiles view. There is a toggle to enable or disable Application Control. This toggle is on by default, however the rules are disabled.





Global Rule: Defines what is the last rule applied to all applications. In the initial launch, only "allow all applications" is supported. This means that if an application is not blocked by any of the rules, it will be allowed. In next iteration, we will introduce the rule "Block all applications", which allows tighter control of the security of a computer, as anything not explicitly allowed is blocked by default.



Exclusion Table: Each exclusion rule is controlled by an on/off toggle. Exclusion rules in the table are applied in priority order: the first rule is applied first, the second after that, etc.


By default, exclusion rules are turned off. We recommend turning on all security rules provided by F-Secure, as they provide critical extra security. If one of the rules blocks a legitimate application, it will be visible under the security notifications in the Device view. Before the exclusions, simply turn the rule off and inform us, for example with a comment on this post or through the feedback form in the Management Portal.




In the next release, Admin can also create their own exclusion rules, based on various criterion. But more on that closer to the next release.





  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master



    I think the product interface, as shown by the illustrations, uses confusing terminology. For example the green slider when in fact it is about blocking or the use of word "exclusion" when in fact enforcing various blocks.


    These kind of "modern design" UI phraseologies can be insanely confusing for middle-aged or older people, whose world view is based on yes / no, rather than relativistic terms which change meaning based on subtle context.


    (I actually think these modern UI styles and terminology are closely related to the rise of personal media, where news, i.e. reports of events and decisions quickly become relativized items and eventually end up as Kremlin fake propaganda. Nothing is solid any more.)


    Anyhow I think most operators of PSB account are people born way before 2000, so maybe the the portal UI should cater to them, rather than teenagers?


    Thanks for your kind attention, Yours Sincerely:

    Tamas Feher, Hungary.

  • TeemuM
    TeemuM W/ Alumni Posts: 3 Security Scout



    Thank you for the feedback etomcat! I'll ask our UX team to take another look at the terminology and colors based on your suggestions.


    And now that we are here, any thoughts on additional rules you would like us to bring in the future? Any other wishes or requirements for Application Control?




This discussion has been closed.