WDAC is Microsofts Allow-listing technology that is built-in into the Windows operating system. Application control is a crucial line of defense for protecting enterprises given today's threat landscape, and it has an inherent advantage over traditional antivirus solutions. Specifically, application control moves away from an application trust model where all applications are assumed trustworthy to one where applications must earn trust in order to run. More details can be found here

App Control was created out of the need for proper tooling in WDAC projects. Back in 2015, when the founders started digging into this technology, they quickly realized that without proper tooling it would be challenging to bring a WDAC project to a successful ending. Out of this need, the App control project was born. Get a more in-depth answer at our blog.

After successful installation of the server agent, whenever an application is added to your Configmgr environment, it will automatically be processed by AppControl. This is handled by a Status Filter Rule. A trigger is configured to monitor new applications. Whenever a new application is detected, a commandline is launched to send your application to AppControl for processing.

After successful installation of the server agent, whenever an application modified in your Configmgr environment, it will automatically be processed by AppControl. This is handled by a Status Filter Rule. A trigger is configured to monitor application modification. Whenever a modification is detected, a commandline is launched to send your modified application to AppControl for processing.

AppControl uses Azure Blob Storage as an intermediate storage solution for transferring data from your environment to our processing back-end. As a result of this, the network requirements are the same as for regular azure blob storage usage : Firewall port : 443 (TCP) Firewall destination : *.blob.core.windows.net

The AppAnalyzer tool will generate entries to a logfile for each time an application is added or modified. This logfile can be found here : "C:\Windows\temp\appanalyser.log" on your primary site server. The picture below shows that an application is uploading to our back-end storage for processing. This is the first thing to validate. If sources are uploaded successfully, they will be processed at our and. It can take up to 3 hours before processed applications will be visible in the portal. If, after multiple hours, no applications are visible, you should reach out to us for further analysis. (A contact form is found at the bottom this FAQ page) If only some applications are visible in the portal, it probably means that we could not automatically process the applications that are not showing up. Please reach out to us so we can verify what could be the cause for this issue.

A Support ID is a unique ID that was generated when your Configuration Manager environment got setup. App Control uses this support ID to link your environment to our back-end database. You can retrieve the support ID in the following 2 ways. 1) Get your support ID from the Configuration Manager console. Select the arrow in the upper left corner of the ribbon, and then choose About Configuration Manager. You can select and copy the support ID from the window that opens. 2) Run the following powershell script on your primary site server. Don't forget to replace the site-code with your actual site-code : Get-CimInstance -Namespace root\sms\site_<site-code> -ClassName sms_identification | select supportid

After the installation of the server agent, any application that is added or modified will automatically be processed. However, you probably have already multiple applications configured in your ConfigMgr environment that you would like to be processed by AppControl. We provide a powershell script that allows you to do just that. In the installation folder of your AdminUi you will find a subfolder called "AppAnalyzer". In this subfolder is a script called "BulkSelectApplications.ps1" Run this script with any user that has at least application admin rights within ConfigMgr. The script will launch a UI that lists all of the applications from your environment. Select the apps that you wish to have processed and click OK to kick-off the process. The "Add Criteria" button allows you to filter the applications on multiple criteria if you do not wish to select all applications. A logfile will be created in the tempfolder of the user that launches the bulkselectapplication.ps1 You can find the logfile in this location : C:\Users\<YourUser>\Appdata\Local\Temp\AppAnalyzer.log

The installation package of the Server Agent is based on the popular framework "Powershell App Deployment Toolkit" as this allows the most transparency in what happens during the installation. The installation performs 2 actions. It copies all the necessary binaries under a subfolder of your AdminUI installation folder. This subfolder is called "AppAnalyser" It creates a Status Filter Rule called "WDAC AppControl Application Analyser" to automatically process any new or modified applications. To Install the Server agent, perform the following tasks : Extract the binaries in a temporary folder on your Primary Site Server. Launch an admin powershell prompt from within that prompt, navigate to the folder you extracted the agent in Run the following commandline : Deploy-Application.ps1 -DeploymentType 'install' The installation should only take a short time to complete. After the installation is completed, new or modified applications will automatically be processed by AppControl. We suggest you modify a simple application by adding a small comment to it to test the functionality of the agent. A logfile will be generated under "c:\windows\temp\appanalyser.log"

Click the "Download Server Agent" under the download section of the portal.