Content Release: Application Control 2026-04-09

Release Announcements Lifecycle (Release Announcements)
1

The BigFix Team is pleased to announce the release of version 2.0.0 of BigFix Application Control.

The main reasons to upgrade to this release are as follows:

Application Control (WDAC)

  • Overview
    BigFix Application Control provides application allowlisting and blocklisting for Windows endpoints using Windows Defender Application Control (WDAC). It enables administrators to deploy, manage, and monitor application control policies from the BigFix platform.

    This release includes policy deployment, enforcement, and reporting capabilities.

  • New Features
    WDAC Base Policy Deployment
    • Deploy Microsoft-provided WDAC base policies to Windows endpoints
    • Policies are deployed and activated using BigFix Fixlets

    Supplemental Policy Deployment
    • Deploy WDAC supplemental policies to endpoints with an active base policy

    Centralized Policy Management
    • Manage WDAC policies from the BigFix Console
    • Support for publisher, file hash, and file path rules
    • Support for Audit and Enforcement modes

    Monitoring and Reporting and Audited Application Blocks
    • Collect and report applications that would be blocked in Audit mode
    • Validate application impact before enforcement

    Blocked Application Reporting
    • Report blocked application execution events in Enforcement mode
    • Includes application name, file path, hash, publisher, rule, and timestamp
    • Events aggregated across endpoints to identify frequently blocked applications
    • Identify impacted endpoints and analyze block patterns

    Active Policy Monitoring
    • View active WDAC policies on endpoints
    • Includes base and supplemental policies and enforcement mode
    • Verify policy enforcement and ensure compliance across endpoints

    Deployment Status Monitoring
    • Track policy deployment status across endpoints
    • Identify failed or incomplete deployments

    Policy Management and Policy Removal
    • Remove WDAC base or supplemental policies from endpoints for rollback or recovery

    Security
    • Policies are securely signed to ensure integrity
    • Role-based access control for policy operations

    Performance and Scalability
    • Support for large-scale deployments
    • Minimal impact on endpoint performance during enforcement
    • WDAC policies applied without reboot

Additional information about this release

  • Published site and components version:

    • Application Control - Site Version: 02

Useful links

– HCL BigFix – Lifecycle Team

2 Likes