Skip to main content
McAfee Enterprise MVISION Cloud

About Application Control

Using Application Control policies, an SOC admin or an IT admin can create policies to control the use of specific applications on their server VMs in cloud. You can select those discovered applications to allow and deny from executing on the cloud VMs.

Application Control Policies support two modes: 

  1. Observe. In Observe Mode, all applications are allowed. Activities are reported when the applications that are not specifically selected as part of the policy are executed. You can notify users about the status of the application without preventing them from using it.
  2. Enforce. In Enforce Mode, all applications that are not selected as part of your policy are blocked from users executing them. All activities are reported for the blocked applications.  

Application Control activities are displayed on the Activity Monitoring page. 

Prerequisites

Before you can create an Application Control policy, you must install McAfee Enterprise Cloud Workload Protection Platform (CWPP) POPs and CWPP Agents on the endpoints. The agents discover applications on the endpoints and send this data to MVISION Cloud to build the app inventory. Currently, only Linux is supported. 

Application Control Page

Find the Application Control page at Policy > Application Control

application_control_page.png

The Application Control page provides the following actions and information: 

  • Filters. Select options on the Filters tab to scope down your search. 
  • Search. Search via the Omnibar
  • Actions. Click Actions to:
  • Policy Name. Displays the name of the policy. 
  • Status. Active or Inactive. 
  • Policy Mode. Displays whether the policy uses Observe or Enforce mode. 
  • Platform. Displays the operating system the policy is based on. 
  • Last Updated. Displays the time and date when the policy was last updated. 
  • Updated By. Displays the name of the user who last updated the policy. 

Application Control Cloud Card

Click an Application Control policy in the table to open the Cloud Card with more details. 

application_control_cloud_card.png

The Application Control Cloud Card provides the following information and actions:

  • Policy Name. Displays the name of the policy. 
  • Status. Active or Inactive. Click the toggle to enable or disable. 
  • Policy Mode. Displays whether the policy uses Observe or Enforce mode. 
  • Platform. Displays the operating system the policy is based on. 
  • Policy Origin. Displays where the policy was created. 
  • Select Action. 
    • Activate Policy
    • Deactivate Policy
    • Delete Policy
  • Last Updated Date. Displays the time and date when the policy was last updated. 
  • Updated By. Displays the name of the user who last updated the policy. 
  • Was this article helpful?