Welcome
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
Application Control v2.0.0
Application Control v2.0.0 leverages Windows Defender Application Control (WDAC) for kernel-level policy enforcement to prevent unauthorized software execution.
Overview
Set a secure environment by using Application Control.

BigFix Documentation Homepage
BigFix 11 Lifecycle Documentation
Welcome to the BigFix Lifecycle documentation, where you can find information about how to install, maintain, and use BigFix Lifecycle.
BigFix Platform
BigFix Query
Lifecycle overview
BigFix Lifecycle is single-agent, single-console technology that provides near real-time visibility into the state of endpoints.
Lifecycle guides in PDF format
Following is a list of links to the BigFix Lifecycle guides in PDF format:
Software Distribution
Use the BigFix Software Distribution applications to deploy software to endpoints across your network from a single location. Maintain control and visibility into software delivery and installation. Device owners can use the Self Service Application to manage software and other BigFix actions that are deployed to them as offers.
OS Deployment
BigFix OS Deployment, which is part of the BigFix Lifecycle Management suite, provides a consolidated, comprehensive solution to quickly deploy new workstations and servers throughout a network from a single, centralized location. This solution saves time and money, enforces a standardized and approved image, and reduces risks associated with non-compliant or insecure configurations.
Remote Control
BigFix Remote Control application helps to communicate between different components, clients, and endpoints within BigFix environment.
Power Management
Use Power Management to control, monitor, and manage conservation policies in your deployment.
Application Control
BigFix Application Control provides a robust framework for managing application usage within an organization. It allows administrators to define policies that dictate which applications can or can not be run on endpoints, thereby enhancing security and compliance.
- Application Control v2.0.0
  Application Control v2.0.0 leverages Windows Defender Application Control (WDAC) for kernel-level policy enforcement to prevent unauthorized software execution.
  - Overview
    Set a secure environment by using Application Control.
  - What's new in this release
    A summary of new or changed features and enhancements included in BigFix Application Control v2.0.0
  - Features added in previous releases
    In this section, you can find the feature updates from the previous versions.
  - Application Control Persona’s
    This document outlines the various user persona's associated with the BigFix console, including the Security Administrator, IT Administrator, SOC Analyst, and End User.
  - System Architecture
    The system architecture of Application Control.
  - Migrating from Application Control v1.0.0 to v2.0.0
    Learn how to migrate from Application Control v1.0.0 to Application Control v2.0.0.
  - Administering Application Control v2.0.0
    Users with an administrator persona can perform the tasks mentioned in this chapter in Application Control v2.0.0.
- Migrating from Application Control v1.0.0 to Application Control v2.0.0
  Learn how to migrate from Application Control v1.0.0 to Application Control v2.0.0.
- Application Control v1.0.0 (To be deprecated)
  BigFix Application Control v1.0.0 is a lightweight, native enforcement system for managing application execution across enterprise endpoints. It delivers policy-driven application control within BigFix, enabling IT administrators to enforce usage policies with real-time monitoring and streamlined exception management.
Server Automation
Server Automation provides powerful automation. You can use it to sequence automation actions in steps across multiple endpoints.
Virtual Endpoint Manager
HCL BigFix Virtual Endpoint Manager (VEM) enhances BigFix with centralized, unified endpoint management for hybrid cloud and data center environments, spanning virtual machines and physical endpoints. VEM delivers real-time endpoint visibility, policy-driven automation for configuration and compliance remediation, and consistent security controls to streamline IT operations, reduce risk, and strengthen regulatory compliance.
Profile Management
Profile Management is a WebUI-based feature of BigFix Lifecycle. It provides Security Administrators the capability to define and deploy security policies to Windows 10 and macOS devices.
BigFix Remediate
BigFix MCM

Overview

Set a secure environment by using Application Control.

BigFix® Application Control is a security solution designed to manage which software can run on Windows devices within BigFix environments in an organization. It utilizes Windows Defender Application Control (WDAC) as the chosen enforcement engine to apply policies at the kernel level, preventing unauthorized software execution through kernel-level enforcement. It is a lightweight, native enforcement system designed for comprehensive management of application execution across enterprise endpoints. Following is a more detailed breakdown of its core components and how they function:

Core Security Mechanism: WDAC Integration
The solution's strength lies in its use of Windows Defender Application Control (WDAC).
- Kernel-level Enforcement: Unlike standard software that runs in "user mode," WDAC operates within the Windows kernel. This means the security checks happen at the deepest layer of the operating system.
- Allowlisting vs. Blocklisting:
  - Allowlisting: A "Zero Trust" approach where only approved applications can run; everything else is blocked by default.
  - Blocklisting: Specific known-malicious or unwanted programs are banned, while others are permitted.
Centralized Management & Deployment
BigFix acts as the "brain" for these Windows security features, allowing IT teams to manage everything from one place.
- The BigFix Console: Instead of manually configuring every computer, administrators use the central BigFix console to create rules (policies) and push them out to thousands of endpoints simultaneously.
- Policy Management: This includes defining which softwares are safe and which are restricted based on the inputs (like file hash, file name, file path, or publisher) provided.

Table 1. BigFix Application Control v2.0.0 Summary Table
Feature	Benefit
WDAC Engine	Provides high-level security that is difficult for malware to disable.
Kernel Enforcement	Stops unauthorized code before it can even start.
BigFix Console	Enables massive scalability for enterprise environments.

Note:

BigFix Application Control currently supports application enforcement for both physical and virtual Windows™ (environment) devices only.
Non-windows environment (macOS™ & UNIX™/Linux™) support is planned for the future.