Practical Allowlisting and Execution Control

Airlock Digital’s allowlisting solution empowers organizations to define their security posture, reduce risks, and maintain operational continuity. Whether preventing malware, managing exceptions, or leveraging integrated threat intelligence, Airlock Digital puts you in control of what runs—and what doesn’t.

What is allowlisting?

Allowlisting (formerly known as application whitelisting) is considered a foundational cybersecurity strategy due to its effectiveness in preventing sophisticated malware and file-based attacks such as ransomware. As a result, implementing allowlisting is highly recommended in a number of cybersecurity compliance frameworks, including NIST, ASD Essential Eight and CMMC.

Developed by cybersecurity practitioners, Airlock Digital addresses the technical and organizational challenges typically associated with allowlisting. Airlock Digital application control delivers purpose-built workflows that enable rapid and scalable deployment while significantly reducing the staffing resources required for day-to-day management.

  • Allowlisting framework: Administrators control where and how they apply trust (hash, publisher, path or process).
  • Unique configurations: Removes an adversary’s ability to test and validate their attacks.
  • Blocklisting: Implement pre-defined rules aligned with the MITRE ATT&CK framework or Microsoft recommended block rules, or create your own.
  • Broad file coverage: Execution control for all executables, application libraries, installers and scripts.
  • Exception handling: Temporarily exclude devices from allowlisting with the One Time Password (OTP) functionality to ensure business continuity is maintained.

Key Capabilities

Airlock Digital allowlisting enables organizations to reduce cyber risk and significantly uplift their endpoint security posture.

Through industry-leading workflows that are easy to use, Airlock enables organizations of all maturity levels to maintain a long-term, effective allowlisting strategy without end user disruption.

Airlock Digital offers innovative, feature-rich allowlisting to help organizations protect hundreds of thousands of endpoints worldwide.

  • Define which files are trusted and block everything else, thereby preventing the execution of all untrusted and unknown code.
  • Access to real-time execution data enables rapid policy management for minimal business disruption.
  • Intuitive product workflows empower IT staff to manage day-to-day operations, without the need for specialist cybersecurity expertise.
  • Deploy on-premises or in the cloud using Airlock’s flexible product architecture.

Benefits

  • Proactively block malware, ransomware, and zero-day attacks.
  • Reduce the risk of cybersecurity breaches and the costs associated with recovery.
  • Extend the operational life of legacy systems and reduce the burden on IT resources.
  • Meet and maintain compliance requirements and regulatory standards.

Compliance & regulation

Allowlisting technologies are now written into Government standards and/or regulations worldwide, including:

Australia: ACSC Strategies to mitigate cybersecurity incidents (Essential 8)

United States: Top 10 Mitigations, NIST 800-171, Cybersecurity Maturity Model Certification (CMMC), Center for Internet Security Basic Six

New Zealand: Critical Controls 2022

Canada: Top 10 IT Security Action

Windows Family
Windows® XP SP3, 7 SP1, 8, 8.1, 10 and 11;
Windows® Server 2003 SP1, 2008R2, 2012, 2012R2, 2016, 2019, 2022, 2025
(all platforms include 32-bit and 64-bit support and are compatible with Core versions of the respective Windows® versions. Windows 11 also includes ARM64 support.)

Note: The Windows Enforcement Agent can operate and be installed on Embedded operating systems, assuming the appropriate dependencies, such as the Windows Installer service, are included. However, due to the custom nature of these builds, Airlock Digital is unable to guarantee compatibility.

Linux Family
CentOS / Red Hat Linux 6.3+ / 7.2+ / 8.x / 9.x (including Stream)
Oracle Linux 7.7+ / 8.2+ (including UEK kernels)
Rocky Linux
Amazon Linux 2
Ubuntu 14.x, 16.x, 18.x, 20.x, 22.x
AlmaLinux

Note: Secure Boot is only supported on Linux when a platform MOK key is manually loaded on the machine and the Linux kernel version requires a driver to be loaded. For more information, please see the following KB article: 
https://support.airlockdigital.com/support/solutions/articles/9000184638-linux-enforcement-agent-secure-boot

Note: Driverless operation mode is only supported on modern Linux kernels. More information about driverless support can be found in the following KB article: 
https://support.airlockdigital.com/support/solutions/articles/9000207382-linux-agent-kernel-operation-modes

Note: As of v5.0+, ‘Snap’ packages by Canonical on Ubuntu are not supported. The agent will allow these packages to execute unrestricted. This is planned to be addressed in a future release.

Note: Only 64-bit versions of Linux distributions are supported. There are no 32-bit or ARM64 packages built for the Linux Enforcement Agent at this time.

macOS Family
Catalina 10.15+
Big Sur 11.x+
Monterey 12.x+
Ventura 13.x+
Sonoma 14.x+
Sequoia 15.x+
Note: macOS agents require that both Full Disk Access and Notification System Privileges are granted in order for the agent to apply policies and notify users. Both Intel & Apple Silicon architectures are supported.