Overview

Heimdal Application Control delivers enterprise-grade endpoint security by enforcing strict policies on which processes are permitted. As a module of the Heimdal Agent, it monitors every process launch and decides whether to allow, block, or automatically elevate it. Built for Windows clients, the solution integrates tightly with Privileged Access Management and supports zero-trust execution models. It accelerates administrative flows via default rulings and granular rulesets, adapting controls for individual users or AD groups.

Features and Capabilities

• Whitelisting & Blacklisting: Approve or block apps based on path, publisher, certificate, MD5, signature, or software name.
• Default File Action: Automatically allow or block unknown files based on policy state.
• Auto Elevation Support: Automatically restart allowed processes with admin rights when needed.
• Zero‑Trust Execution Mode: Blocks unauthorized unsigned executables to contain zero‑day threats.
• Granular Rule Targeting: Apply rules to users or groups via AD-based targeting.
• Comprehensive Logging: Four views in the dashboard—full logging, allowed, blocked, auto‑elevated—for audit and compliance.
• ProcessLock Service: Kernel-mode interception to block processes in under 5 seconds.
• Policy Modes: Switch between driver-based interception, report-only, and ruleset enforcement.
• Integration with PAM: Seamless coordination with Privileged Access Management to de‑elevate rights when necessary.
• Compliance-aligned: Meets NIST AC‑1.6 and supports CIS, NIS2, and ISO27001 frameworks.