Application Control provides the following methods to restrict the applications that can execute or install on your endpoints:
Block: Block specified applications from executing on endpoints
Block Mode uses the kernel-level blocking method to block applications before execution on your corporate endpoints. Kernel-level blocking prevents applications from starting by blocking file access. This provides greater security, but may unexpectedly block or momentarily delay access to certain files needed by allowed applications.
Lockdown: Block all applications not identified during the last inventory scan
Before locking down an endpoint, Application Control scans the endpoint and creates a complete application inventory. Only applications that already exist in the inventory can execute on the endpoint. During Lockdown, Application Control prevents the execution of upgrade or installation packages.
Depending on the user's environment, the inventory scan can take several hours to complete. Periodically check the Application Control status on the Security Agent console. The inventory scan might also affect endpoint performance. Plan cautiously before applying Lockdown to any server.