# Application Control Software | Application Control System - ManageEngine Application Control Plus ![Background](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-background.png) ## Control every app and privilege on your endpoints - 30-day free trial - No credit card required - Free forever up to 25 endpoints ## Just-in-time access control Grant temporary application execution and privilege elevation, then automatically revokes access based on policy. *Available only in Endpoint Central with Application Control and Endpoint Privilege Management add-on* ### Autonomous approval for elevation requests ![Autonomous approval](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-home-jit-1.png) Automatically approve trusted elevation requests using confidence scoring and policy context. ### Eliminate shadow IT risk Gain visibility into unapproved software and decide what runs in your environment. ### Just-in-time access control Grant temporary application execution and privilege elevation, then automatically revoke access based on policy. ### Passwordless application elevation ![Passwordless Elevation](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-home-jit-2.png) Run approved applications with elevated privileges without exposing admin credentials. ### Identify and remove unnecessary admin rights ![Admin Sprawl](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-home-jit-3.png) Detect systems with local admin accounts and remove excess privileges. ## Block the unknown. Elevate only when necessary. ### Application Control ![Application Control Icon](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-home-icon-7.svg) Stop unauthorized applications from running on endpoints. - **[Allowlist](https://www.manageengine.com/application-control/application-allowlisting.html?acp-new-homepage-features) and [blocklist apps](https://www.manageengine.com/application-control/application-blocklisting.html?acp-new-homepage-features)** Create rules to allow trusted applications and block risky or unapproved software. - **[Audit unauthorized applications and block events](https://www.manageengine.com/application-control/unmanaged-applications.html?acp-new-homepage-features)** See what would be blocked before enforcement. Track unmanaged executions and block attempts. - **[Just-in-time application access](https://www.manageengine.com/application-control/just-in-time-access.html)** Temporarily allow specific apps when needed and revoke access automatically. ### Endpoint Privilege Management ![Endpoint Privilege Management Icon](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-home-icon-8.svg) Grant temporary admin access when users need it. - **[Eliminate excessive admin privileges](https://www.manageengine.com/application-control/remove-admin-rights.html?acp-new-homepage-features)** Eliminate standing local admin access to reduce attack surface. - **[Passwordless, app-specific elevation](https://www.manageengine.com/application-control/request-access.html?acp-new-homepage-features)** Elevate only the app or task without sharing admin passwords. - **[Just-in-time elevation access](https://www.manageengine.com/application-control/just-in-time-access.html?acp-new-homepage-features)** Grant time-bound elevation and auto-revoke based on policy. - **[Elevate control panel and administrative tools](https://www.manageengine.com/application-control/how-to/epm-elevate-com-objects.html?acp-new-homepage-features)** Allow standard users to securely access Control Panel applets and built-in administrative tools without full admin rights. ## Know what runs. Control what matters. Discover what runs, validate in audit mode, then apply policy-based control. ### 01 Discover ![Discover](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-home-icon-4.svg) Identify applications running across endpoints. ### 02 Audit ![Audit](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-home-icon-5.svg) Monitor execution and policy impact without disrupting users. ### 03 Enforce ![Enforce](https://cdn.manageengine.com/sites/meweb/images/application-control/images/acp-home-icon-6.svg) Allow only approved applications and blocks everything else by policy. ## Key Metrics - **5M+** Endpoints secured - **100+** Countries served - **5000+** Organizations worldwide ## Pick the Right Path to Control Start free to validate policies. Upgrade when you are ready to roll out controls at scale. ### Free Edition **$0** — up to 25 endpoints ### Professional Edition **$6** — / endpoint per year* \*for 1000 endpoints ### Features - Application allowlisting and blocklisting - Audit mode visibility for apps and elevation - Policy-based control for execution and privilege - Elevation workflows without sharing admin credentials - Reporting and activity trail for governance The more you scale, the lesser you pay per endpoint. Get a personalized [quote](https://www.manageengine.com/application-control/get-quote.html?acp-new-price-card) ### Want complete endpoint protection? #### Explore Endpoint Central + Everything in Application Control Plus - Vulnerability management - Patch Management - Enterprise data security - Data loss prevention - Endpoint detection and response - Enterprise browser security - Peripheral device control ## Frequently Asked Questions ### How does application control reduce the attack surface? Application control reduces the attack surface by limiting which applications can execute on endpoints. By blocking unknown, unmanaged, or unnecessary software, it eliminates common entry points attackers exploit such as rogue installers, living-off-the-land binaries, and user-installed tools. ### What types of organizations need application control? Application control is essential for organizations that: - Manage large or distributed endpoint environments - Handle sensitive or regulated data - Want to reduce insider risk and shadow IT - Need to enforce least privilege access - Require predictable security enforcement without productivity loss ### Can application control be deployed without disrupting users? Yes. Application Control Plus supports audit mode, allowing IT teams to observe application behavior before enforcing policies. This ensures legitimate business applications are not blocked unexpectedly and enables smooth, predictable enforcement. ### Can I get a demo of ManageEngine Application Control Plus? Yes. [Schedule a session](https://www.manageengine.com/application-control/request-demo.html?faq) with a security expert to evaluate how application control and least privilege can be implemented across your endpoints.