Welcome
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
Administrator Guide
This guide is for users who want to administer BigFix® Application Control.
Managing BigFix® Application Control
This section covers post-installation activities such as configuring and overseeing application settings to ensure optimal performance and security. This process is essential for maintaining system integrity and user access control.
Set Global Policy
Learn how to reset the Application Control policy on target endpoints to its original default state. This task removes all custom-defined rules, establishing a clean security baseline and ensuring that only explicitly allowed applications are permitted.

BigFix Documentation Homepage
BigFix 11 Lifecycle Documentation
Welcome to the BigFix Lifecycle documentation, where you can find information about how to install, maintain, and use BigFix Lifecycle.
BigFix Platform
BigFix Query
Lifecycle overview
BigFix Lifecycle is single-agent, single-console technology that provides near real-time visibility into the state of endpoints.
Lifecycle guides in PDF format
Following is a list of links to the BigFix Lifecycle guides in PDF format:
Software Distribution
Use the BigFix Software Distribution applications to deploy software to endpoints across your network from a single location. Maintain control and visibility into software delivery and installation. Device owners can use the Self Service Application to manage software and other BigFix actions that are deployed to them as offers.
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Power Management
Use Power Management to control, monitor, and manage conservation policies in your deployment.
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
- Release Notes
  A summary of new or changed features and enhancements included in BigFix Application Control.
- Administrator Guide
  This guide is for users who want to administer BigFix® Application Control.
  - Overview
    Set a secure environment by using Application Control.
  - Installing BigFix® Application Control
    Install BigFix Application Control in two steps: first, identify the endpoints lacking the application, and second, execute the installer task on those endpoints. This process ensures that the application is properly deployed across your desired systems.
  - Managing BigFix® Application Control
    This section covers post-installation activities such as configuring and overseeing application settings to ensure optimal performance and security. This process is essential for maintaining system integrity and user access control.
    - Analyses: Effective Configuration
      This task describes how administrators can view the effective configuration applied to each endpoint from the BigFix console. It includes details on various data points available for all endpoints, such as Control Mode, Blocked Path Patterns Rules, and Exceptions.
    - View Endpoint Details using BigFix® Web Reports
      As an administrator, you can utilize BigFix Web Reports to view a comprehensive, read-only overview of all enterprise endpoints with the application installed. This topic outlines the steps to access and navigate the various tabs that display managed devices, blocklisted applications, allowlisted applications, and exception access logs.
    - Set Control Mode on an Endpoint
      This topic outlines the process for setting the operational mode on an endpoint in BigFix Application Control, allowing administrators to choose between Allow Mode and Block Mode. Each mode enforces different rules for application execution, enhancing security or flexibility based on the environment's needs.
    - Set Policy Modifications
      This topic provides instructions for setting policy modifications on endpoints, including creating new rules, removing existing ones, and applying rules from a CSV file. It is essential for managing application control rules to enforce security policies and prevent unauthorized software execution.
    - Set Exception on an Endpoint
      This topic outlines what all administrators can view the exceptions on an endpoint using the Task: Set Exception on Endpoint. It details the additional parameters required, including File_Name, Approved_By, Expiration_Date, and Reason, and explains the task's role in facilitating ServiceNow™ work flow for exception approval tickets.
    - Stage ServiceNow™ Update Set for Admin Handoff
      This topic outlines the process for staging a ServiceNow Update Set file on the BigFix® Root Server, facilitating the handoff between BigFix® and ServiceNow™ administration teams. It includes steps for notifying the ServiceNow™ administrator and importing the file to the ServiceNow™ instance after staging.
    - Configuring Update Sets, Catalog Files, & System Properties in ServiceNow™
      This task provides step-by-step instructions for configuring update sets, catalog files, and system properties in ServiceNow™. Administrators will learn how to set up the Update Sets property, import update sets from XML, and configure REST message properties to ensure effective communication with managed endpoints.
    - Set Global Policy
      Learn how to reset the Application Control policy on target endpoints to its original default state. This task removes all custom-defined rules, establishing a clean security baseline and ensuring that only explicitly allowed applications are permitted.
    - Remove BigFix® Application Control from an Endpoint
      This topic provides instructions for administrators to remove Application Control from target endpoints using the Task: Remove BAC Components from Endpoints. This process involves stopping the BAC service, deleting associated files, and cleaning user profiles.
  - Support
    For more information about this product, see the following resources:
- User Guide
  This guide is for desktop users or end users who will use BigFix® Application Control.
- Exception Manager Guide
  Designed for Exception Managers, this guide details the effective use of the ServiceNow™ tool. It highlights important features, functionalities, and best practices for managing exceptions efficiently.
- Application Control V1 Readme
Server Automation
Server Automation provides powerful automation. You can use it to sequence automation actions in steps across multiple endpoints.
Profile Management
Profile Management is a WebUI-based feature of BigFix Lifecycle. It provides Security Administrators the capability to define and deploy security policies to Windows 10 and macOS devices.
BigFix Remediate
BigFix MCM

Set Global Policy

Learn how to reset the Application Control policy on target endpoints to its original default state. This task removes all custom-defined rules, establishing a clean security baseline and ensuring that only explicitly allowed applications are permitted.

About this task

Learn how to reset the Application Control policy on target endpoints to its original default state.

This task allows an administrator to reset the Application Control policy on target endpoints to its original default state. By running this action, you will be able to remove all custom-defined rules and restore the policy to the initial configuration created during the agent's installation.

Warning: Running this task will permanently delete all the existing custom application control rules from the bes_bac.pol file on the selected endpoints. This action is irreversible.

Note: Proceed only if you want to revert the endpoints to a factory default security policy.

This task is useful for establishing a clean security baseline, troubleshooting policy conflicts, or removing obsolete rules in bulk before deploying a new ruleset.

This task's action script performs the following steps on each target endpoint:

It generates a new default policy object. This policy configuration consists of the control mode set to block and an empty list of rules.
It encrypts the new default policy into the bes_bac.pol file, overwriting any existing versions.
Lastly, it restarts the BES Application Control service (BESBAC) to ensure the default policy is immediately enforced.

After this task completes, the endpoint will block all applications not explicitly allowed by a new policy, as no custom rules are present.

Procedure

From the Fixlets and Tasks pane, select Task: Set Global Policy.
Select the Take Actions tab and select the endpoints on which you want to apply this task.
Click OK.