To monitor and control the behavior of applications on client computers, you use application control and system lockdown. Application control allows or blocks the defined applications that try to access system resources on a client computer. System lockdown allows only approved applications on client computers. To manage hardware devices that access client computers, you use device control.
Application control and system lockdown are advanced security features that only experienced administrators should configure.
You use application control, system lockdown, and device control for the following tasks.
Prevent malware from taking over applications.
Restrict the applications that can run.
Prevent users from changing configuration files.
Protect specific registry keys.
Protect particular folders, such as \WINDOWS\system.
You configure application control and device control using an Application and Device Control policy.