{{ secondMenu.name }}
{{ language }}
Application control helps you manage the use of software on an endpoint based on built-in and custom rules. You can prevent blacklisted software from running and record software operation logs.
To manage application blacklists, go to Policies > App Control > App Blacklists, as shown in the following figure.
Click New to create an application blacklist. You can add applications to the blacklist, and specify endpoints to which the blacklist applies, the schedule of the blacklist takes effect, and the action to take when a blacklisted application is detected, as shown in the following figure.
Software uninstallation is supported only for endpoints that run Windows 7 and later or Windows Server 2012 and later.
The application signature database provides default application signatures and supports custom application signatures.
Suppose a required application signature is not included in the default application signature database. In that case, you can go to Policies > App Control > App Signature Database and add the application signature, as shown in the following figure.
App Group: The group to which the custom application belongs.
Action: The scope of child process identification. An application may have child processes whose names differ from the application name. We recommend that you select Identify all child processes so that you can identify and terminate all child processes of an application.
You can identify a custom application using one or more application information groups. Each application information group consists of multiple fields, including Digital Signature, Copyright, Process Description, Icon Hash, and Product Name. You can click the corresponding button to add an information field. To add an application information group, click Add Software Info Group.
If the application has only one child process, you need to add only one application information group. Otherwise, you need to add multiple application information groups. Multiple information fields or an application information group must match to identify an application uniquely.
You can specify software metering policies. Athena EPP automatically collects the operation statistics of metered software on all managed endpoints. If you have configured an email notification, Athena EPP sends you an email in case of insufficient license, unauthorized software use, or license expiration. 
You can click New and set the following parameters to create a metering policy:
Software Name: The name of the software.
Process Name: The name of the process file. If two process names are the same, the number of executions and usage duration of the corresponding software are repeatedly metered.
Authorization: Enable it to trigger license-related alerts rather than limiting the software usage on endpoints. You can fill in the information as needed. Enable this on specific endpoints only.
You can click License Alert Settings to configure alert settings on events such as insufficient license, license expiration, and use of non-commercial software.
After you save the settings, you can go to Endpoints > Endpoint Inventory > App Assets > Software Metering to view the software metering information in columns such as Total Duration, Total Usages, Endpoints Installed, Endpoints Installed (Non-Commercial), Licenses, Status, License Expiration Date, and Metering Start Time.
Once you find a piece of non-compliant software on a managed endpoint, you can remotely uninstall the software. This is the last action in the software lifecycle management.
To uninstall the non-compliant software from all managed endpoints, go to Endpoints > Endpoint Inventory > App Assets > Software and click Uninstall in the Operation column.
You can also click the software name to go to the details page, select an endpoint, and uninstall the software from only the selected endpoint.
After you click Uninstall, you need to create an uninstallation task.
Manual Uninstallation: You can select this method to uninstall any software.
Silent Uninstallation: You can select this method to uninstall software that supports silent uninstallation.
Schedule: The task will be executed during the specified period.
Max Retries: If the task fails on the first try, it retries until the software is uninstalled from the endpoint or it meets the Max Retries, whichever comes first.
Notification: If you check this option, the endpoint user will be notified 5 minutes before and when the uninstallation starts. 
After you create an uninstallation task, you can go to Policies > App Control > Software Uninstallation to check the task progress.
Software uninstallation is supported only for Windows 7 and above endpoints or Windows Server version 2012 and above.
{{ $t('index.defaultHeader.chromeBrowserTip') }}