Welcome
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
Administrator Guide
This guide is for users who want to administer BigFix® Application Control.
Managing BigFix® Application Control
This section covers post-installation activities such as configuring and overseeing application settings to ensure optimal performance and security. This process is essential for maintaining system integrity and user access control.
Set Control Mode on an Endpoint
This topic outlines the process for setting the operational mode on an endpoint in BigFix Application Control, allowing administrators to choose between Allow Mode and Block Mode. Each mode enforces different rules for application execution, enhancing security or flexibility based on the environment's needs.

BigFix Documentation Homepage
BigFix 11 Lifecycle Documentation
Welcome to the BigFix Lifecycle documentation, where you can find information about how to install, maintain, and use BigFix Lifecycle.
BigFix Platform
BigFix Query
Lifecycle overview
BigFix Lifecycle is single-agent, single-console technology that provides near real-time visibility into the state of endpoints.
Lifecycle guides in PDF format
Following is a list of links to the BigFix Lifecycle guides in PDF format:
Software Distribution
Use the BigFix Software Distribution applications to deploy software to endpoints across your network from a single location. Maintain control and visibility into software delivery and installation. Device owners can use the Self Service Application to manage software and other BigFix actions that are deployed to them as offers.
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Power Management
Use Power Management to control, monitor, and manage conservation policies in your deployment.
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
- Release Notes
  A summary of new or changed features and enhancements included in BigFix Application Control.
- Administrator Guide
  This guide is for users who want to administer BigFix® Application Control.
  - Overview
    Set a secure environment by using Application Control.
  - Installing BigFix® Application Control
    Install BigFix Application Control in two steps: first, identify the endpoints lacking the application, and second, execute the installer task on those endpoints. This process ensures that the application is properly deployed across your desired systems.
  - Managing BigFix® Application Control
    This section covers post-installation activities such as configuring and overseeing application settings to ensure optimal performance and security. This process is essential for maintaining system integrity and user access control.
    - Analyses: Effective Configuration
      This task describes how administrators can view the effective configuration applied to each endpoint from the BigFix console. It includes details on various data points available for all endpoints, such as Control Mode, Blocked Path Patterns Rules, and Exceptions.
    - View Endpoint Details using BigFix® Web Reports
      As an administrator, you can utilize BigFix Web Reports to view a comprehensive, read-only overview of all enterprise endpoints with the application installed. This topic outlines the steps to access and navigate the various tabs that display managed devices, blocklisted applications, allowlisted applications, and exception access logs.
    - Set Control Mode on an Endpoint
      This topic outlines the process for setting the operational mode on an endpoint in BigFix Application Control, allowing administrators to choose between Allow Mode and Block Mode. Each mode enforces different rules for application execution, enhancing security or flexibility based on the environment's needs.
    - Set Policy Modifications
      This topic provides instructions for setting policy modifications on endpoints, including creating new rules, removing existing ones, and applying rules from a CSV file. It is essential for managing application control rules to enforce security policies and prevent unauthorized software execution.
    - Set Exception on an Endpoint
      This topic outlines what all administrators can view the exceptions on an endpoint using the Task: Set Exception on Endpoint. It details the additional parameters required, including File_Name, Approved_By, Expiration_Date, and Reason, and explains the task's role in facilitating ServiceNow™ work flow for exception approval tickets.
    - Stage ServiceNow™ Update Set for Admin Handoff
      This topic outlines the process for staging a ServiceNow Update Set file on the BigFix® Root Server, facilitating the handoff between BigFix® and ServiceNow™ administration teams. It includes steps for notifying the ServiceNow™ administrator and importing the file to the ServiceNow™ instance after staging.
    - Configuring Update Sets, Catalog Files, & System Properties in ServiceNow™
      This task provides step-by-step instructions for configuring update sets, catalog files, and system properties in ServiceNow™. Administrators will learn how to set up the Update Sets property, import update sets from XML, and configure REST message properties to ensure effective communication with managed endpoints.
    - Set Global Policy
      Learn how to reset the Application Control policy on target endpoints to its original default state. This task removes all custom-defined rules, establishing a clean security baseline and ensuring that only explicitly allowed applications are permitted.
    - Remove BigFix® Application Control from an Endpoint
      This topic provides instructions for administrators to remove Application Control from target endpoints using the Task: Remove BAC Components from Endpoints. This process involves stopping the BAC service, deleting associated files, and cleaning user profiles.
  - Support
    For more information about this product, see the following resources:
- User Guide
  This guide is for desktop users or end users who will use BigFix® Application Control.
- Exception Manager Guide
  Designed for Exception Managers, this guide details the effective use of the ServiceNow™ tool. It highlights important features, functionalities, and best practices for managing exceptions efficiently.
- Application Control V1 Readme
Server Automation
Server Automation provides powerful automation. You can use it to sequence automation actions in steps across multiple endpoints.
Profile Management
Profile Management is a WebUI-based feature of BigFix Lifecycle. It provides Security Administrators the capability to define and deploy security policies to Windows 10 and macOS devices.
BigFix Remediate
BigFix MCM

Set Control Mode on an Endpoint

This topic outlines the process for setting the operational mode on an endpoint in BigFix Application Control, allowing administrators to choose between Allow Mode and Block Mode. Each mode enforces different rules for application execution, enhancing security or flexibility based on the environment's needs.

About this task

Learn how to set the control mode on Application Control managed endpoints.

As an Administrator, you can set the operational mode for the Application Control policy on the endpoints. This setting determines the default execution and which set of rules (Allow or Block) are enforced on the endpoint.

There are two modes in BigFix Application Control:

Allow Mode

This mode has a default-deny policy. This means that all applications are blocked from running by default. Only applications and processes that match a specific "Allow Rule” are permitted to run. This is the most secure mode and is intended for highly controlled environments.
Block Mode

This mode has a default-allow policy. This means that all applications are permitted to run by default. Only applications and processes that match a specific “Block Rule” are prevented from running. This mode is intended for flexible environments.

You need to use Task: Set Control Mode on Endpoint for setting the desired control mode on an endpoint.

Follow the steps below to configure the mode on the endpoints:

Procedure

From the Fixlets and Tasks pane, select Task: Set Control Mode on Endpoint.
From the Task: Set Control Mode On Endpoint pane, select the relevant Mode from the drop-down, either Allow or Block.

Figure 1. Task: Set Control Mode on Endpoint
Select the Take Actions tab and select the endpoints on which you want to apply the selected mode.
Click OK.