DriveLock
Application Behavior Control

Application WhitelistingApplication permissions that add more security to application control.

 

Application Behavior Control takes malware protection to an even higher level of security

Application control with predictive whitelisting enables administrators to control the execution of any applications against a list of approved programs. However this protection can still be optimised to prevent fileless malware where attackers use approved Windows default administration or system tools and scripts in so-called "living off the land" attacks. This enhanced prevention significantly reduce the potential threat by restricting the applications behavior through controlled permissions.

Built on DriveLock Application Control, Application Behavior Control provides additional security by controlling application behavior using application permissions. Application permissions add more granular effect and provide better prevention against the possible circumvention of the whitelist.

 

The benefits of DriveLock Application Behavior Control

Advanced anti-malware capabilities for fileless malware (VB script/powershell, macros, etc.)

Prevents bypassing the whitelist by restricting application permissions.

Reduced administration effort through automatic learning of app behavior and app categories

Central configuration and central dashboard

 

Features of the Application Behavior Control

Drivelock Operations Center Reporting Application Control Blocked Applications
  • Restrict legitimate applications and scripts to required actions and permissions
  • Targeted blocking of sub-processes
  • Access control of applications to file system and registry
  • Regulate permission hierarchies
  • Self-learning application behavior
  • Restrict file and directory filters

    Test now
 

Application permissions increase security

  • Prevent permitted applications from starting further applications (processes or scripts), which could pose potential threats to the system.
  • Specify which type of access a particular application is allowed (e.g. reading/writing to files or accessing the registry).
  • Provide better protection against "fileless" attacks and block the invocation of certain subordinate processes.
 

Do you still have questions about Application Behavior Control?

Write to us - we will be happy to answer your questions.