About application control, system lockdown, and device control

To monitor and control the behavior of applications on client computers, you use application control and system lockdown. Application control allows or blocks the defined applications that try to access system resources on a client computer. System lockdown allows only approved applications on client computers. To manage hardware devices that access client computers, you use device control.
Application control and system lockdown are advanced security features that only experienced administrators should configure.
You use application control, system lockdown, and device control for the following tasks.
Application control
  • Prevent malware from taking over applications.
  • Restrict the applications that can run.
  • Prevent users from changing configuration files.
  • Protect specific registry keys.
  • Protect particular folders, such as \WINDOWS\system.
You configure application control and device control using an Application and Device Control policy. See:
System lockdown
  • Control the applications on your client computers.
  • Block almost any Trojan horse, spyware, or malware that tries to run or load itself into an existing application.
System lockdown ensures that your system stays in a known and trusted state.
If you do not implement system lockdown carefully, it can cause serious problems in your network. Symantec recommends that you implement system lockdown in specific stages.
You configure system lockdown in the
tab on the
page. See:
Device control
  • Block or allow different types of devices that attach to client computers, such as USB, infrared, and FireWire devices.
  • Block or allow serial ports and parallel ports.
For more information, see:
Both application control and device control are supported on 32-bit and 64-bit Windows computers.
As of 14, Mac computers support device control.