Overview McAfee® Application Control blocks unauthorized executables on servers, corporate desktops, and fixed-function devices. McAfee® Change Control monitors and prevents changes to the file system. Important: You can deploy Application Control and Change Control in a managed McAfee® ePolicy Orchestrator® (McAfee® ePO™) environment or in an unmanaged environment, also called standalone, or self-managed. Application Control uses dynamic whitelisting to guarantee that only trusted applications run on servers, devices, and desktops. It eliminates the need for IT administrators to manually maintain lists of approved applications. It guarantees protection without impacting productivity. With Application Control, you can: Prevent malicious, untrusted, or unwanted software from being executed. Automatically identify trusted software and grant it authorization to run. Block users from introducing software that poses a risk to your company. Change Control allows you to write-protect and read-protect critical files from unauthorized tampering. You can also define trusted programs or users to allow updates to protected files and registry keys. A change is allowed only if it's applied according to the software policies. With Change Control, you can: Detect, track, and validate changes in real time. Prevent changes using protection rules. Enforce approved change policies.