Application Control does an all-inclusive job when it comes to application allowlisting and blocklisting. Built-in with leading
Endpoint Privilege Management capabilities, it ensures that it protects organizations from most application-related threats.
Endpoint Central's Block Executable feature on the contrary is rudimentary and is aimed to help organizations with maintaining their levels of productivity.
Application Control instantly discovers and displays all running applications and categorizes them based on their vendor, product name, folder path and digital certificates. Applications running specific to a group of users can also be filtered and viewed. Necessary apps can simply be selected and added into allowlists/blocklists from the list displayed.
Endpoint Central's Block Executable feature has no options to filter and categorize applications, the IT administrator must manually enter the name of the application and executable that he wishes to block.
Allowlists and Blocklists can be created on both broad and granular levels by leveraging the predefined set of rules that Application Control has to provide. Rules based on Vendor, Product Name and Folder Path can be opted for when organizations are just beginning with their control process, as they are flexible with the changes that occur during patching. The Verified Executable and File Hash rule can be chosen by experienced networks that prefer complete security.
Endpoint Central's Block Executable feature, however, allows blocklisting based only on two rules, Path and Hash. With no added capabilities to manage patching changes, IT administrators will have to manually update these lists after every patching cycle.