Welcome
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
Administrator Guide
This guide is for users who want to administer BigFix® Application Control.
Managing BigFix® Application Control
This section covers post-installation activities such as configuring and overseeing application settings to ensure optimal performance and security. This process is essential for maintaining system integrity and user access control.
Set Policy Modifications
This topic provides instructions for setting policy modifications on endpoints, including creating new rules, removing existing ones, and applying rules from a CSV file. It is essential for managing application control rules to enforce security policies and prevent unauthorized software execution.
Remove Existing Rule from Endpoints
This topic describes the mode which allows administrators to remove or modify Application Control rules from an endpoint's policy file using the Task: Set Policy Modifications. Users can either delete a rule entirely or adjust specific file paths or hashes, ensuring immediate application of changes by restarting the BESBAC service.

BigFix Documentation Homepage
BigFix 11 Lifecycle Documentation
Welcome to the BigFix Lifecycle documentation, where you can find information about how to install, maintain, and use BigFix Lifecycle.
BigFix Platform
BigFix Query
Lifecycle overview
BigFix Lifecycle is single-agent, single-console technology that provides near real-time visibility into the state of endpoints.
Lifecycle guides in PDF format
Following is a list of links to the BigFix Lifecycle guides in PDF format:
Software Distribution
Use the BigFix Software Distribution applications to deploy software to endpoints across your network from a single location. Maintain control and visibility into software delivery and installation. Device owners can use the Self Service Application to manage software and other BigFix actions that are deployed to them as offers.
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Power Management
Use Power Management to control, monitor, and manage conservation policies in your deployment.
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
- Release Notes
  A summary of new or changed features and enhancements included in BigFix Application Control.
- Administrator Guide
  This guide is for users who want to administer BigFix® Application Control.
  - Overview
    Set a secure environment by using Application Control.
  - Installing BigFix® Application Control
    Install BigFix Application Control in two steps: first, identify the endpoints lacking the application, and second, execute the installer task on those endpoints. This process ensures that the application is properly deployed across your desired systems.
  - Managing BigFix® Application Control
    This section covers post-installation activities such as configuring and overseeing application settings to ensure optimal performance and security. This process is essential for maintaining system integrity and user access control.
    - Analyses: Effective Configuration
      This task describes how administrators can view the effective configuration applied to each endpoint from the BigFix console. It includes details on various data points available for all endpoints, such as Control Mode, Blocked Path Patterns Rules, and Exceptions.
    - View Endpoint Details using BigFix® Web Reports
      As an administrator, you can utilize BigFix Web Reports to view a comprehensive, read-only overview of all enterprise endpoints with the application installed. This topic outlines the steps to access and navigate the various tabs that display managed devices, blocklisted applications, allowlisted applications, and exception access logs.
    - Set Control Mode on an Endpoint
      This topic outlines the process for setting the operational mode on an endpoint in BigFix Application Control, allowing administrators to choose between Allow Mode and Block Mode. Each mode enforces different rules for application execution, enhancing security or flexibility based on the environment's needs.
    - Set Policy Modifications
      This topic provides instructions for setting policy modifications on endpoints, including creating new rules, removing existing ones, and applying rules from a CSV file. It is essential for managing application control rules to enforce security policies and prevent unauthorized software execution.
      - Set New Rule on Endpoints
        This topic describes the mode which enables administrators to create and deploy new rules on target endpoints. It allows for the definition of new application rules based on file patterns or specific file hashes, thereby enforcing security policies and preventing unauthorized process execution.
      - Remove Existing Rule from Endpoints
        This topic describes the mode which allows administrators to remove or modify Application Control rules from an endpoint's policy file using the Task: Set Policy Modifications. Users can either delete a rule entirely or adjust specific file paths or hashes, ensuring immediate application of changes by restarting the BESBAC service.
      - Apply CSV Ruleset to an Endpoint
        This topic describes the mode which outlines how to apply a CSV ruleset to an endpoint using the BigFix console. It enables administrators to dynamically manage application block and allow lists by reading from centrally managed CSV files, ensuring that the local JSON policy file on the endpoint is updated accordingly.
    - Set Exception on an Endpoint
      This topic outlines what all administrators can view the exceptions on an endpoint using the Task: Set Exception on Endpoint. It details the additional parameters required, including File_Name, Approved_By, Expiration_Date, and Reason, and explains the task's role in facilitating ServiceNow™ work flow for exception approval tickets.
    - Stage ServiceNow™ Update Set for Admin Handoff
      This topic outlines the process for staging a ServiceNow Update Set file on the BigFix® Root Server, facilitating the handoff between BigFix® and ServiceNow™ administration teams. It includes steps for notifying the ServiceNow™ administrator and importing the file to the ServiceNow™ instance after staging.
    - Configuring Update Sets, Catalog Files, & System Properties in ServiceNow™
      This task provides step-by-step instructions for configuring update sets, catalog files, and system properties in ServiceNow™. Administrators will learn how to set up the Update Sets property, import update sets from XML, and configure REST message properties to ensure effective communication with managed endpoints.
    - Set Global Policy
      Learn how to reset the Application Control policy on target endpoints to its original default state. This task removes all custom-defined rules, establishing a clean security baseline and ensuring that only explicitly allowed applications are permitted.
    - Remove BigFix® Application Control from an Endpoint
      This topic provides instructions for administrators to remove Application Control from target endpoints using the Task: Remove BAC Components from Endpoints. This process involves stopping the BAC service, deleting associated files, and cleaning user profiles.
  - Support
    For more information about this product, see the following resources:
- User Guide
  This guide is for desktop users or end users who will use BigFix® Application Control.
- Exception Manager Guide
  Designed for Exception Managers, this guide details the effective use of the ServiceNow™ tool. It highlights important features, functionalities, and best practices for managing exceptions efficiently.
- Application Control V1 Readme
Server Automation
Server Automation provides powerful automation. You can use it to sequence automation actions in steps across multiple endpoints.
Profile Management
Profile Management is a WebUI-based feature of BigFix Lifecycle. It provides Security Administrators the capability to define and deploy security policies to Windows 10 and macOS devices.
BigFix Remediate
BigFix MCM

Remove Existing Rule from Endpoints

This topic describes the mode which allows administrators to remove or modify Application Control rules from an endpoint's policy file using the Task: Set Policy Modifications. Users can either delete a rule entirely or adjust specific file paths or hashes, ensuring immediate application of changes by restarting the BESBAC service.

About this task

Learn how to remove existing rules on Application Control managed endpoints.

As an administrator, you can use this mode to modify or delete an existing application control rule from an endpoint’s policy file. You can either completely delete a rule or remove specific file paths or hashes from a rule.

For a full rule deletion, update only the Rule Name and Rule Type fields but leave the other fields empty. For a partial rule modification, update all the fields. After the JSON policy file is modified, BESBAC service restarts to ensure that the changes are applied immediately.

You need to use the mode Remove Existing Rule for deleting or modifying rules on endpoints.

Perform the following steps to remove and/or modify the existing rules from endpoints as needed:

Procedure

From the Task: Set Policy Modifications pane, enter the following information on the Description tab:

Figure 1. Remove Existing Rule

Table 1. Task: Set Policy Modifications Remove Existing Rule Mode Configuration Options
Field Name	Description
Select Mode	Select the mode: Remove Existing Rule.
Rule Name	Name of the rule.
Rule Type	Type of rule. Can be either Block or Allow.
Path Pattern	Path of the application or process to be allowed or blocked.
File Hash	Hash value of the application file.

Note: For full rule deletion, update only the Rule Name and Rule Type fields. But for a partial rule modification, you will need to update all the fields.

Select the Take Actions tab and select the endpoints from which you want to remove the rules.
Click OK.