Blueshift Protect is a SOC-managed, zero trust application allowlisting solution designed to prevent unauthorized application execution on endpoints. It operates on a default-deny model, blocking all unknown executables and scripts unless they are verified against a global allowlist of approximately 12 million trusted applications. The solution uses static file analysis at the endpoint, with unknown applications analyzed in the cloud to conserve local resources. Once classified as safe, applications are added to the global allowlist for all users. Trusted software publishers (e.g., Microsoft, Adobe) are allowlisted by signature, removing the need to manually hash individual application versions. Key protection capabilities include: - Global and local application allowlists - Script and macro execution control (including Microsoft Office) - Signature-based publisher allowlisting - Device authentication using a device uniqueness algorithm as a second MFA factor - RDP port access control via an allowlist of authenticated devices - Fileless malware and zero-day script-based attack prevention - Protection against lateral movement via SMB The product supports Windows (XP through 11), Windows Server, macOS, MacBooks, and Android devices. It is backed by a 24/7 SOC that monitors endpoints and proactively alerts customers to threats or vulnerable software. The solution is developed and supported entirely in the United States.