Application Control, Ringfencing, and Elevation
Windows and Mac both have Application Control with Default Deny. Both operating systems are able to permit or deny by Full Path, Process Path, Certificate, and Hash Only Rules. Mac does not currently support Application Control via Parent Process.
Both Mac and Windows support Policy driven access, with the ability to schedule policies, and expire policies. Both systems also allow granualrity by defining who the policy will apply to. Windows policies can take advantage of Users and Groups, along with Integrations like Active Directory, to define who a policy will apply to. Mac currently only supports Computer and Group level policies. Windows supports Computer, Group, Organization, Global Groups, and Global level policies.
Both Mac and Windows have Built-In Applications, managed by ThreatLocker.
Both Mac and Windows are supported by Ringfencing. Both operating systems can Ringfence an application from interacting with other applications, other files, and from accessing the network. Windows applications can be restricted from accessing the Windows registry. Both Mac and Windows can use Tags to support simplifying Ringfencing network restrictions.
Both Mac and Windows systems allow for the full suite of Elevation options. Both systems will allow a specific application to be Elevated to run as a local administrator, and include notification of the end user that Elevation is in place. Both systems also have an option to force the program to run as a standard user. Both systems also allow the elevation to expire based on a time setting within the policy. Windows and Mac Elevate differently, based on OS variances. However, the resulting outcome is the same.