This section provides optional background on the VMware Carbon Black App Control solution. If you already have experience with or background knowledge of App Control, you may skip this section.
1. App Control Architecture
The App Control architecture consists of the following main components: the App Control Server and the App Control Agent.
2. App Control Server
The App Control Server manages policies and rules, including software approvals and bans. It also provides visibility into events and file activity on computers running an App Control Agent. To access the server, administrators use the App Control Console, which is a web-based user interface.
The server software runs on standard, server-class Windows computers. It can be run on a dedicated system or a virtual machine.
For information on supported App Control operating environment requirements, see the following resource: VMware Carbon Black App Control Server Operating Environment Requirements
For information on installing the App Control Server, see the following resource: Installing the App Control Server Software
3. App Control Agent
The App Control Agent runs on client servers, desktops, laptops, virtual machines, and fixed-function devices. The agent monitors file and process activity and communicates with the App Control Server when necessary.
The App Control Agent runs silently in the background until it blocks a file or requests approval (depending on enforcement level), at which point it can display a message to the user.
4. Initialization Crawl
App Control performs a one-time initialization crawl to inventory items and send this information to the App Control Server. After the initialization crawl, the App Control Agent periodically sends inventory updates to the server (at 30-second intervals).
Because the agent looks for inventory updates rather than performing a full inventory pull, App Control can keep resource utilization at 1-2% CPU per machine.
5. How App Control Works
App Control is a positive security solution that allows for a "default deny" approach to reduce the attack surface and prevent threats.
App Control works by allowing administrators to lock down critical systems, with the power to only allow approved files to run. This approach vastly limits the attack surface for advanced security capabilities.
VMware Carbon Black App Control is manageable and adaptive. The solution enables administrators to implement application control capabilities by providing methods of handling initial approval and trusted change over time.
Not all machines and environments are alike. Prevention is customizable for systems and groups - admins can implement unique policies with different sets of rules as well as "Enforcement Levels" to determine how prevention is handled.