Airlock Digital

Frequently Asked Questions (FAQs)

Customers typically implement our solution, including enablement of enforcement mode, within a few weeks of acquisition. 

Factors that influence implementation times include the degree of software standardization within the customer environments and the number of times an administrator tunes policy within the solution.

The Airlock Digital support team can provide tailored advice and support, while qualified and experienced partners are available to deliver full implementation services.

The Airlock Digital Enforcement Agent currently supports enforcement on the following operating systems:

Windows Family
- Windows® XP SP3, 7 SP1, 8, 8.1, 10 and 11;
- Windows® Server 2003 SP1, 2008R2, 2012, 2012R2, 2016, 2019, 2022, 2025
(all platforms include 32bit and 64bit support and are compatible with Core versions of the respective Windows® versions. Windows 11 also includes ARM64 support.)

Note: The Windows Enforcement Agent can be installed and operate on Embedded operating systems, assuming the appropriate dependencies, such as the Windows Installer service, are included. However, due to the custom nature of these builds, Airlock Digital is unable to guarantee compatibility.

Linux Family
- CentOS / Red Hat Linux 6.3+ / 7.2+ / 8.x / 9.x (including Stream)
- Oracle Linux 7.7+ / 8.2+ (including UEK kernels)
- Rocky Linux
- Amazon Linux 2
- Ubuntu 14.x, 16.x, 18.x, 20.x, 22.x
- AlmaLinux

Note: Secure Boot is only supported on Linux when a platform MOK key is manually loaded on the machine and the Linux kernel version requires a driver to be loaded. For more information, please see the following KB article: 
https://support.airlockdigital.com/support/solutions/articles/9000184638-linux-enforcement-agent-secure-boot

Note: Driverless operation mode is only supported on modern Linux kernels. More information about driverless support can be found in the following KB article: 
https://support.airlockdigital.com/support/solutions/articles/9000207382-linux-agent-kernel-operation-modes

Note: As of v5.0+ ‘Snap’ packages by Canonical on Ubuntu are not supported. The agent will allow these packages to execute unrestricted. This is planned to be addressed in a future release.

Note: Only 64bit versions of Linux distributions are supported. There are no 32bit or ARM64 packages built for the Linux Enforcement Agent at this time.

macOS Family
- Catalina 10.15+
- Big Sur 11.x+
- Monterey 12.x+
- Ventura 13.x+
- Sonoma 14.x+
- Sequoia 15.x+
Note: macOS agents require that both Full Disk Access and Notification System Privileges are granted in order for the agent to apply policies and notify users. Both Intel & Apple Silicon architectures are supported.

Vendors can group application control (allowlisting) and Privileged Access Management together; however, they represent two different approaches.
 
Privileged Access Management is designed to control ‘who can run what’ within an enterprise. It provides administrative privileges where required for the launch of a given application, or to prevent applications from executing at a high level (typically executables only).
 
Application control (allowlisting or whitelisting) is designed to control ‘what files can run’ within an enterprise. It is designed to control the execution of code on the system and as a result is far more granular in nature.
 
To a degree, both controls achieve similar outcomes. However, application control (allowlisting) delivers a more comprehensive security posture, as the control focuses on the files rather than the user. Airlock Digital is a pure-play application control (allowlisting) vendor, with a solution designed to enforce high security allowlists within enterprise environments.

Airlock Digital prioritizes alignment with the Australian Signals Directorate Essential Eight Mitigation Strategies and is committed to making changes to its solution as the requirements change. This is tailored to help customers align with Maturity Level 3 for Application Control.


Read more about the Essential Eight Maturity Model.

Microsoft Windows Defender Application Control™ (WDAC) and AppLocker™ are technologies natively built into newer versions of the Windows operating system, which have the ability to block the execution of files based on a provided policy. These technologies do not incorporate centralized logging (by default) and use Group Policy as their policy deployment mechanism, making them comparatively difficult to manage and maintain.

Airlock Digital has a range of advantages, including:
- Native centralized reporting;
- Dedicated web based management console;
- File metadata collection, which creates a centralized repository of all files seen;
- Ability to deploy, update and apply policies rapidly (less than one minute);
- Linux and macOS support;
- One time password (OTP) and self service exception mechanisms; and

Learn more about the differences between AppLocker and Airlock Digital.

Airlock Digital enables customers to trust publishers seen in their environments. On Windows and macOS, this means trusting a code signing certificate or digital signature. Most major software companies’ files and operating system files are signed, which enables customers to apply updates without requiring file exceptions.

On Linux systems, Airlock Digital can trust application updaters, meaning most major CentOS/RHEL/Ubuntu distributions can have updates applied without file exceptions.

These features reduce the number of blocks to a minimum and significantly reduce the management of an allowlist policy.

For external logging of all platform data in real-time, the solution integrates with:

Airlock Digital can export most data within the platform to common formats like .CSV & .XML. Learn more about Airlock Digital SIEM integrations.

Effectively managing the introduction of new applications and scenarios in which a user urgently needs to run a blocked application are key to the success of an application control (allowlisting) implementation. 

Airlock Digital incorporates One Time Password (OTP) functionality that handles exceptions through a time-based audit mode (this can be applied through self service and/or a service desk workflow). During this session, the user can run unapproved files. Once the code expires/is revoked, the device returns to the original policy. The Airlock Digital administrator can then review what the user ran during their session and update the organization’s allowlist if required.
