### **Allowlisting** * **Default-Deny Application Control** * Blocks all applications by default unless explicitly allowed * Prevents unauthorised and malicious software from executing * **Granular Application Approval** * Allow specific apps, versions, and scripts based on your policies * Helps prevent zero-day attacks and unauthorised software use * **Fileless Malware Protection** * Stops script-based and in-memory attacks by blocking unapproved processes * Protects against threats that bypass traditional antivirus * **Real-Time Learning Mode** * Quickly builds a baseline of known-good applications * Simplifies the initial deployment and approval process * * * ### **Ringfencing** * **Application Containment** * Controls how approved applications interact with files, the registry, network, and other software * Prevents applications like Office or web browsers from accessing sensitive areas or tools like PowerShell * **Block Lateral Movement** * Restricts compromised applications from being used to move laterally across your network * Limits access to only what’s necessary for normal operations * **Protect Against Living-off-the-Land Attacks** * Stops abuse of legitimate tools like PowerShell, Command Prompt, and scripting engines * Enforces strict policies around script execution * **Custom Policies Per Application** * Define how each application behaves based on business needs * Restrict internet access, drive access, or file sharing on a per-app basis