An Application Control scenario meaning the prohibition of any application that was not specifically mentioned on administrator-prepared allowlists. It requires a allowlist of work-related apps to be compiled beforehand. While greatly reducing the potential attack surface (NOTHING that is not included on the admin’s allowlist, except system components, will run – including malware) and increasing productivity (no work-unrelated software will be able to run), it also reduces maintenance costs providing higher stability for endpoints due to reduction of “DLL hell,” “registry pollution,” and other problems inherent in Windows OS. It is a perfect choice for any system where compliance is required.