Question Blacklist Application Control

Please provide comments and solutions that are helpful to the author of this topic.
Parkinsond said:
Could this app represent a good blacklist application control?

www.appcontrol.com

AppControl - Advanced Task Manager with History

Track CPU, memory, disk, Temp, and GPU usage history on your Windows PC. AppControl offers long-term system monitoring and powerful controls beyond Task Manager.
www.appcontrol.com www.appcontrol.com
Click to expand...
Based on the vendor’s own description, this looks more like an “advanced Task Manager + monitoring/alerts” tool than a true “application control” product.

Why it’s probably not a strong “blacklist application control”
  • The site markets AppControl as a historical Task Manager with “controls” like permanently disabling apps and blocking publishers. That usually means it can kill/stop processes and/or disable startup/scheduled tasks, not necessarily prevent code from executing in the first place.
  • Their EULA explicitly describes it as a “simple rule system” that can “disable or kill processes,” and even warns about breaking remote access/critical processes. That wording strongly suggests reactive control (after something starts) rather than OS-enforced execution blocking.
  • Blacklist-style control in general is weaker than allowlisting because attackers can change filenames/hashes, use living-off-the-land binaries, script hosts, side-loading, etc. Even a well-made deny list tends to be bypassable compared to allowlist policies.

What “real” Windows application control usually means
Microsoft’s “application control” (WDAC / App Control for Business, and in some cases AppLocker) is about enforcing what is allowed to run, using Code Integrity-based policy, not just terminating a process after it starts. Microsoft explicitly frames it as moving from “everything runs unless AV says it’s bad” to “only runs if policy allows it.”

So if your goal is actual application control (especially for security hardening), WDAC/App Control for Business (or AppLocker where appropriate) is the category to look at, not a Task Manager-style utility.

Where AppControl (appcontrol.com) can still be useful
It may still be useful as a visibility/response tool:
  • Historical monitoring (CPU/RAM/GPU usage, activity over time)
  • Alerts about “new/unusual apps”
  • Quickly stopping/disable-looping nuisance processes
  • Optional “suspicious app detection” (note: their privacy policy says it can send executable name/hash/publisher details if you enable it)
Just don’t treat that as equivalent to policy-enforced application control.

Practical recommendation
If you want “application control” for security, prefer Windows-native enforcement (WDAC/App Control for Business; possibly AppLocker depending on edition/use case) and keep AV/Defender enabled. Consider AppControl (this app) only as a supplementary monitoring/management tool, not as your primary execution-control layer.

Sources
 
Bot said:
Based on the vendor’s own description, this looks more like an “advanced Task Manager + monitoring/alerts” tool than a true “application control” product.

Why it’s probably not a strong “blacklist application control”
  • The site markets AppControl as a historical Task Manager with “controls” like permanently disabling apps and blocking publishers. That usually means it can kill/stop processes and/or disable startup/scheduled tasks, not necessarily prevent code from executing in the first place.
  • Their EULA explicitly describes it as a “simple rule system” that can “disable or kill processes,” and even warns about breaking remote access/critical processes. That wording strongly suggests reactive control (after something starts) rather than OS-enforced execution blocking.
  • Blacklist-style control in general is weaker than allowlisting because attackers can change filenames/hashes, use living-off-the-land binaries, script hosts, side-loading, etc. Even a well-made deny list tends to be bypassable compared to allowlist policies.

What “real” Windows application control usually means
Microsoft’s “application control” (WDAC / App Control for Business, and in some cases AppLocker) is about enforcing what is allowed to run, using Code Integrity-based policy, not just terminating a process after it starts. Microsoft explicitly frames it as moving from “everything runs unless AV says it’s bad” to “only runs if policy allows it.”

So if your goal is actual application control (especially for security hardening), WDAC/App Control for Business (or AppLocker where appropriate) is the category to look at, not a Task Manager-style utility.

Where AppControl (appcontrol.com) can still be useful
It may still be useful as a visibility/response tool:
  • Historical monitoring (CPU/RAM/GPU usage, activity over time)
  • Alerts about “new/unusual apps”
  • Quickly stopping/disable-looping nuisance processes
  • Optional “suspicious app detection” (note: their privacy policy says it can send executable name/hash/publisher details if you enable it)
Just don’t treat that as equivalent to policy-enforced application control.

Practical recommendation
If you want “application control” for security, prefer Windows-native enforcement (WDAC/App Control for Business; possibly AppLocker depending on edition/use case) and keep AV/Defender enabled. Consider AppControl (this app) only as a supplementary monitoring/management tool, not as your primary execution-control layer.

Sources
Click to expand...
I was asking to get feedback from someone who actually used the app, to avoid "probably".
 
Parkinsond said:
I was asking to get feedback from someone who actually used the app, to avoid "probably".
Click to expand...
I can’t give “I used it and here’s what happened” feedback, because I’m an AI and I don’t have first-hand usage or a lab history that would be honest to present as personal experience.

What I can do is help you get reliable, non-speculative feedback and validate whether it behaves like real blacklist application control.

How to get “actual user” feedback (reliably)
  • Look for long-form user reports (not just star ratings): MalwareTips threads, Wilders Security, Reddit (with skepticism), and GitHub/issue trackers if any exist.
  • Prioritize reports that include: Windows version/build, what exactly was blocked, whether it prevented execution or just terminated after launch, and any bypasses observed.
  • Treat “it blocked my malware” claims as weak unless they include reproducible steps or logs (because outcomes vary heavily by sample, settings, and timing).

How to verify if it’s “blacklist application control” vs “process killer”
Do this in a VM (or at least a throwaway test machine), with snapshots:
  • Create a block rule for a harmless test app (a portable EXE is easiest).
  • Test whether the EXE can start at all:
    • Double-click launch
    • Launch from cmd/PowerShell
    • Launch via scheduled task
    • Launch via another parent process (a launcher)
  • Watch the behavior:
    • If Windows shows a block message and the process never starts, that’s closer to true execution blocking.
    • If the process starts briefly and then is killed, that’s reactive control (much easier to bypass in the real world).
  • Test common bypass angles (still with benign tools):
    • Rename the EXE (filename-based rules break here)
    • Copy to a new folder (path rules break here)
    • Update/recompile to change hash (hash rules break here)
    • Try a signed “publisher” scenario (to see if it truly enforces signer-based rules reliably)

If your end-goal is security hardening
Even if AppControl is useful for visibility and “stop/disable” convenience, the security bar for “application control” is usually “policy-enforced execution control” (on Windows that generally means WDAC / App Control for Business, and sometimes AppLocker depending on edition/use case). Those are designed specifically to prevent execution, not just respond after the fact.

Next step
If you want, post a screenshot of the rule options UI (what match conditions it supports: signer/publisher, hash, path, parent process, script control, etc.) and any block event/log it produces. With that, it’s possible to assess—without guessing—what class of control it really provides and how bypass-resistant it’s likely to be.
 
Zero Knowledge said:
Looks very polished and slick, nice clean website also. Kind of looks like Glass Wire.
Click to expand...
Agree; I wonder if some of MT members tried before.
I need to know before installing, if the rules for blocking apps is premanent or just temporary until W restart.
 
Because the blocking is reactive, a malicious app could theoretically execute code before AppControl detects and terminates it.

The "Permanent" blocking relies entirely on AppControl.exe maintaining persistence (Auto-Start) in the Registry.

The rules are saved to a configuration file or registry, meaning they do not disappear when you restart Windows. You do not need to re-block apps every time.

Unlike Windows' native "AppLocker" or "Smart App Control," this software appears to function as a reactive task killer. It must be running in the background to enforce these rules. If the AppControl application is closed, crashed, or removed from startup, the "blocked" apps will be able to run freely.

Do not rely on this for security (e.g., blocking malware or preventing child access). A sophisticated user or malware can easily bypass a user-mode process killer.
 
  • Like
Reactions: Zero Knowledge
LinuxFan58 said:
Looks nice, seems it can warn on service start, MIC access, unsigned app and even suspicious app, so it is more that a taskmanger.

To me it looks like a cross over of Glass Wire and (new) Spyshelter acting as IDS in stead of HIPS.
Click to expand...
Tumbled over on Softpedia; I check the website daily as a source of software news.
 
  • Hundred Points
Reactions: LinuxFan58

You may also like...