Welcome
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or cannot be run on endpoints, thereby enhancing security and compliance.

BigFix Documentation Homepage
BigFix 10 Lifecycle Documentation
Welcome to the BigFix Lifecycle documentation, where you can find information about how to install, maintain, and use BigFix Lifecycle.
BigFix Platform
BigFix Query
Lifecycle overview
BigFix Lifecycle is single-agent, single-console technology that provides near real-time visibility into the state of endpoints.
Lifecycle guides in PDF format
Following is a list of links to the BigFix Lifecycle guides in PDF format:
Software Distribution
Use the BigFix Software Distribution applications to deploy software to endpoints across your network from a single location. Maintain control and visibility into software delivery and installation. Device owners can use the Self Service Application to manage software and other BigFix actions that are deployed to them as offers.
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Power Management
Use Power Management to control, monitor, and manage conservation policies in your deployment.
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or cannot be run on endpoints, thereby enhancing security and compliance.
- Application Control v2.0.0
  Application Control v2.0.0 leverages Windows Defender Application Control (WDAC) for kernel-level policy enforcement to prevent unauthorized software execution.
- Migrating from Application Control v1.0.0 to Application Control v2.0.0
  Learn how to migrate from Application Control v1.0.0 to Application Control v2.0.0.
- Application Control v1.0.0 (To be deprecated)
  BigFix Application Control v1.0.0 is a lightweight, native enforcement system for managing application execution across enterprise endpoints. It delivers policy-driven application control within BigFix, enabling IT administrators to enforce usage policies with real-time monitoring and streamlined exception management.
Server Automation
Server Automation provides powerful automation. You can use it to sequence automation actions in steps across multiple endpoints.
Virtual Endpoint Manager
HCL BigFix Virtual Endpoint Manager (VEM) enhances BigFix with centralized, unified endpoint management for hybrid cloud and data center environments, spanning virtual machines and physical endpoints. VEM delivers real-time endpoint visibility, policy-driven automation for configuration and compliance remediation, and consistent security controls to streamline IT operations, reduce risk, and strengthen regulatory compliance.
Profile Management
Profile Management is a WebUI-based feature of BigFix Lifecycle. It provides Security Administrators the capability to define and deploy security policies to Windows 10 and macOS devices.
BigFix Remediate
BigFix MCM

Application Control

BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or cannot be run on endpoints, thereby enhancing security and compliance.

Its key features are:

Tasks and Fixlet-driven management for easy policy enforcement.
Management interface accessible via Fixlets and Web Reports.
Blocks unauthorized applications to meet regulatory requirements.
Adds allow rules to allow apps using file paths or registry rules.

Ideal use cases for BigFix Application Control 2.0:

IT environments requiring strong execution control: Supports organizations adopting a deny-by-default model to reduce unauthorized or unknown application execution. WDAC-based enforcement helps limit exposure to untrusted software and common malware execution paths.
Compliance-driven and regulated environments: Suitable for organizations implementing stricter endpoint security baselines or application control requirements. Kernel-level enforcement through Windows Defender Application Control helps strengthen application governance and policy consistency.
Phased application control rollouts: Well suited for environments that require staged deployment using Audit mode before enforcement. Organizations can observe application usage, refine policies, and reduce operational disruption during rollout.
Environments with strong application visibility: Best suited for customers with application inventory or discovery capabilities, such as BigFix Inventory. Existing visibility into installed and used applications helps simplify base and supplementary policy creation.

When BigFix Application Control 2.0 is not a strong fit and why:

Selective or blacklist-only application blocking: WDAC is designed around a deny-by-default allow-listing model, not lightweight blacklist-only controls. Simple use cases such as blocking a single application may require broader policy design and management.
Environments expecting protection from privileged users: BigFix Application Control 2.0 helps strengthen execution control but should not be treated as a complete safeguard against highly privileged or administrative users. Additional security controls and governance processes may still be required.