Top Ivanti Application Control Alternatives

ManageEngine's Endpoint Central, which was previously known as Desktop Central, serves as a comprehensive Unified Endpoint Management Solution that oversees enterprise mobility management. This solution encompasses all aspects of mobile app and device management, in addition to client management for various endpoints, including mobile devices, laptops, tablets, servers, and other computing machines. With ManageEngine Endpoint Central, users can streamline and automate numerous desktop management activities, such as software installation, patching, IT asset management, imaging, and operating system deployment, thereby enhancing operational efficiency across the organization. This tool is particularly beneficial for IT departments looking to maintain control over their diverse technology environments.

ThreatLocker® empowers organizations—from businesses and government agencies to academic institutions—with the ability to control exactly which applications are allowed to run in their environments. Built on a Zero Trust foundation, our suite of powerful cybersecurity tools puts control back in your hands. We believe in a future where every organization can operate securely and independently, free from the disruption of cyberattacks. That’s why our team of seasoned cybersecurity experts designed ThreatLocker: to give you the tools to stop threats before they start. With decades of experience developing cutting-edge security solutions, including email and content protection, ThreatLocker is our most advanced and comprehensive platform yet. It’s built to help you reduce risk, simplify your stack, and take control. Learn more at ThreatLocker.com.

Airlock Digital provides application control and allowlisting, used by organizations worldwide to protect against ransomware, malware and other cyber threats. Our deny by default solution enables customers to run only the applications and files they trust, with all others blocked from executing. This approach minimizes attack surfaces and helps organizations align their cybersecurity strategies with government frameworks and standards. By securing endpoints running legacy and new versions of Windows, macOS and Linux, we extend protection across IT and operational technology environments. Airlock Digital delivers endpoint protection to financial services, government, healthcare, manufacturing and other industry organizations of all sizes.

DriveLock’s HYPERSECURE Platform aims to strengthen IT infrastructures against cyber threats effectively. Just as one would naturally secure their home, it is equally vital to ensure that business-critical data and endpoints are protected effortlessly. By leveraging cutting-edge technology alongside extensive industry knowledge, DriveLock’s security solutions provide comprehensive data protection throughout its entire lifecycle. In contrast to conventional security approaches that depend on fixing vulnerabilities after the fact, the DriveLock Zero Trust Platform takes a proactive stance by blocking unauthorized access. Through centralized policy enforcement, it guarantees that only verified users and endpoints can access crucial data and applications, consistently following the principle of never trusting and always verifying while ensuring a robust layer of security. This not only enhances the overall security posture but also fosters a culture of vigilance within organizations.

Access privileges and their corresponding credentials play a crucial role in safeguarding an organization's sensitive information. The nature of this sensitive data can differ widely depending on the sector; for instance, healthcare entities manage extensive patient records, while banks oversee financial and customer information. It is vital to secure access to these privileged accounts, as they are frequently unmanaged and scattered throughout the organization. A comprehensive Privileged Access Management solution, such as Securden Unified PAM, is essential for gathering all privileged identities and accounts into a centralized vault, simplifying management. By limiting access to these accounts and applying the Just-in-time access principle, organizations can enhance security. Users can initiate remote connections to authorized IT resources with a single click, while monitoring and managing these sessions for users, third-party vendors, and IT administrators through shadowing capabilities. Additionally, organizations should eliminate local admin rights on endpoints and implement application control policies to effectively uphold a Zero-Trust approach without hindering productivity. Furthermore, it is important to record and monitor all activities with thorough audit trails and actionable reports to maintain compliance with industry regulations, ultimately ensuring the protection of sensitive information.

Heimdal® Endpoint Detection and Response is our exclusive multi-faceted service that offers exceptional capabilities for prevention, threat hunting, and remediation. This service integrates the most cutting-edge threat-hunting technologies available, including Heimdal Next-Gen Antivirus, Heimdal Privileged Access Management, Heimdal Application Control, Heimdal Ransomware Encryption Protection, Heimdal Patch & Asset Management, and Heimdal Threat Prevention. With six modules functioning together harmoniously under a single platform and agent, Heimdal Endpoint Detection and Response provides comprehensive cybersecurity layers necessary for safeguarding your organization against both familiar and unfamiliar online and internal threats. Our advanced product enables rapid and precise responses to complex malware, ensuring that your digital assets are protected while also maintaining your organization's reputation. By consolidating these capabilities, we deliver an efficient solution that addresses the evolving challenges of cybersecurity effectively.

Zscaler stands out as a pioneer with its Zero Trust Exchange platform, which utilizes the most expansive security cloud in the world to optimize business functions and improve responsiveness in a fast-evolving landscape. The Zero Trust Exchange from Zscaler enables rapid and safe connections, allowing employees the flexibility to operate from any location by treating the internet as their corporate network. Following the zero trust principle of least-privileged access, this solution provides robust security through context-aware identity verification and stringent policy enforcement. With a network spanning 150 data centers worldwide, the Zero Trust Exchange ensures users are closely connected to the cloud services and applications they depend on, like Microsoft 365 and AWS. This extensive infrastructure guarantees the most efficient routes for user connections, ultimately delivering comprehensive security while ensuring an outstanding user experience. In addition, we encourage you to take advantage of our free service, the Internet Threat Exposure Analysis, which is designed to be quick, secure, and private for all participants, helping organizations pinpoint vulnerabilities and effectively bolster their security defenses. Our commitment to safeguarding your digital environment is paramount, and this analysis serves as an essential step toward enhancing your organization's resilience against potential threats.

Identify and document all local administrator accounts on endpoints throughout your IT infrastructure. Remove unnecessary local administrators to mitigate the risk of malware and ransomware spreading within your network, while transitioning to a streamlined permission-based system for an enhanced user experience. Identify and incorporate applications that necessitate elevated privileges for automatic execution. Implement whitelisting and blacklisting strategies through detailed application control policies. Apply the principles of least privilege and zero-trust throughout the organization to bolster security. Ensure compliance with industry regulations by maintaining thorough audit trails and logging all activities. Additionally, monitor application usage organization-wide with detailed reporting to gather insights that aid in developing policies for an even smoother operational experience. Regular reviews and updates to these policies will further enhance security and usability.

Application Control Plus serves as a comprehensive enterprise solution that integrates both application control and privilege management functionalities to enhance the security of endpoints. It offers capabilities such as application discovery, rule-based whitelisting and blacklisting, management of privileges specific to applications, and just-in-time access to meet temporary needs, ensuring that it effectively addresses the complete range of application requirements for organizations. By leveraging these features, businesses can maintain a robust security posture while allowing for flexibility in their application usage.

Privilege Manager stands out as a comprehensive solution for endpoint privilege elevation and control, functioning with the speed of cloud technology. By eliminating administrative rights from local devices and enforcing policy-driven controls over applications, it effectively mitigates the risk of malware exploitation. Additionally, Privilege Manager not only blocks malware attacks but also ensures that end users experience no disruption, thereby maintaining productivity levels. Available in both on-premises and cloud formats, Privilege Manager caters to the needs of rapidly expanding businesses and teams, allowing them to efficiently oversee hundreds to thousands of machines. Moreover, it simplifies the management of endpoints for executives and auditors alike, boasting features such as embedded application control, real-time threat intelligence, and detailed actionable reports that enhance overall security management. With these capabilities, organizations can achieve a robust security posture while empowering their workforce.

Netwrix Privilege Secure for Endpoints is an all-encompassing tool designed for managing endpoint privileges, ensuring that the principle of least privilege is maintained across various settings, including domain-joined, MDM-enrolled, and standalone systems. This innovative solution allows organizations to revoke local administrative rights from end-users while providing a mechanism for controlled elevation of privileges for specific applications and tasks when required. Key features include the ability to selectively grant admin rights elevation for certain executables, delegate privileged access to settings typically restricted to local admin rights, and control PowerShell usage to prevent unauthorized execution of scripts. Moreover, it features workflows for user requests and admin approvals, allowing users to request elevated privileges through a secure process. By implementing these stringent controls, Netwrix Privilege Secure for Endpoints effectively minimizes the attack surface on endpoints, significantly reducing the chances of breaches resulting from compromised credentials or poor access management. In addition to bolstering security, this solution simplifies the oversight of user privileges across various computing environments, making it easier for organizations to maintain a secure and efficient operational landscape. Ultimately, it represents a forward-thinking approach to privilege management that adapts to the evolving landscape of cybersecurity threats.

Optimize the administration of user permissions by minimizing excessive access while simultaneously empowering rights for Windows, Mac, Unix, Linux, and an array of network devices, all while ensuring that employee productivity remains intact. Our approach has been successfully implemented across over 50 million endpoints, guaranteeing a rapid deployment that provides immediate benefits. BeyondTrust offers both on-premise and cloud-based alternatives, enabling organizations to effectively eliminate administrative rights without hindering user efficiency or increasing service desk requests. Unix and Linux systems are particularly vulnerable to both external threats and internal attacks, a situation that extends to connected devices such as IoT, ICS, and SCADA systems. When attackers gain root or elevated privileges, they can operate stealthily while accessing sensitive data and systems. BeyondTrust Privilege Management for Unix & Linux is recognized as a top-tier, enterprise-grade solution aimed at supporting security and IT teams in achieving compliance and protecting vital assets. This holistic strategy not only bolsters security but also promotes a sense of accountability within organizations, reinforcing the importance of vigilance in cybersecurity. By addressing privilege management comprehensively, businesses can better safeguard their environments against evolving threats.

Protect your business, customers, and employees with our premium identity security solution, which is based on a zero-trust framework. In the context of data security, passwords are often the weakest link. This is why multifactor authentication has become the benchmark in identity and access management, effectively preventing unauthorized access. With SecureKi, you can reliably authenticate the identities of all users. Frequently, compromised access credentials act as the main gateways for security breaches. Our comprehensive privileged access management system is specifically designed to supervise and control privileged access to different accounts and applications, providing alerts to system administrators about high-risk actions, streamlining operational processes, and ensuring adherence to regulatory requirements. Additionally, privilege escalation is a key factor in many cyber-attacks and system vulnerabilities. By adopting our solutions, you can substantially strengthen your organization's security framework while building trust with your stakeholders. In doing so, you will not only protect your assets but also cultivate a culture of security awareness throughout your organization.

Revolutionize your security strategy by removing the need for user accounts with high-level privileges through innovative endpoint privilege management solutions. This state-of-the-art technology provides outstanding security across all endpoints by regulating permissions at both the application and process levels, thereby enhancing user productivity. By mitigating the dangers associated with granting administrative rights, it also lightens the burden on your IT department. Endpoint Privilege Management follows the Principle of Least Privilege, offering strict oversight of application-level permissions, which enables users to work efficiently. Furthermore, it acts as a barrier against threats such as ransomware, malware, and crypto viruses, preventing them from breaching your network, even if users have elevated access. By carefully managing privileges at the application and process levels, organizations can effectively stop unauthorized encryption activities with advanced endpoint protection solutions. This robust implementation of least privilege security not only boosts productivity but also considerably minimizes the demand for ongoing IT support, paving the way for a more efficient operation. Consequently, businesses can concentrate on their primary objectives while maintaining confidence in their cybersecurity defenses. Additionally, embracing such technology fosters a proactive security culture that empowers employees and encourages safe browsing habits.

Heimdal Application Control introduces an innovative method for managing applications and defining user permissions. The modular design ensures straightforward setup, enabling system administrators to establish comprehensive, rule-based systems that facilitate automated dismissal and approval processes. Additionally, it enforces specific rights based on Active Directory groups, enhancing security protocols. A key feature of this tool is its seamless integration with Privileged Access Management (PAM) solutions, providing users with precise control over both software inventories and hardware resources. This integration not only boosts efficiency but also strengthens the overall security framework, allowing for meticulous management of user access and application usage.

Your security must be as flexible as your operations. The Endpoint Privilege Manager offers real-time modifications, enabling users to obtain local admin access instantly when necessary. Cybercriminals are constantly on the lookout for vulnerabilities, but we mitigate this risk by automatically blocking credential theft before it can cause any damage. With the myriad of ransomware strains existing today, our solution effectively defends against all of them. It facilitates the temporary elevation of user privileges for specific tasks swiftly and effortlessly, reducing the need for help desk intervention. Prevent ransomware from standing in your way. Take charge of local admin accounts without disrupting everyday activities. Securely operate from any device and location, ensuring that both your assets and your organization's reputation remain intact. Protect every endpoint while enabling a smooth operational process. By focusing on robust security, you can boost productivity while still prioritizing safety. Ultimately, a well-structured security approach not only protects but also enhances overall efficiency within your organization.

The ARCON | Endpoint Privilege Management (EPM) solution offers a dynamic approach to endpoint privileges, delivering access in a 'just-in-time' or 'on-demand' fashion while keeping a vigilant eye on all users. This powerful tool excels at detecting insider threats, compromised accounts, and various malicious efforts aimed at breaching endpoints. With its sophisticated User Behavior Analytics feature, the solution tracks regular user activities to identify any atypical behavioral patterns and other potential threats within the network. Its comprehensive governance framework enables you to swiftly blacklist harmful applications, limit data transfers from devices to external storage, and enforce precise access controls, allowing for the elevation or demotion of privileges as required. Regardless of the increasing number of endpoints resulting from remote work and flexible access policies, this single management tool ensures their security effectively. This flexibility empowers you to modify privileges according to your discretion and preferred timing, thereby maintaining both security and operational efficiency seamlessly. Ultimately, the solution not only safeguards sensitive information but also enhances overall productivity across the organization.

Quickly enabling Just-In-Time privilege elevation for all employees is essential for modern security. Both workstations and servers can be efficiently managed and onboarded through a user-friendly portal. Utilizing threat and behavior analysis, organizations can detect and thwart malware attacks and data breaches by pinpointing risky users and assets. Instead of elevating user permissions, applications are elevated, which streamlines the process and cuts costs by assigning privileges based on specific users or groups. Whether it's a seasoned developer in IT or a less experienced staff member in HR, there is an appropriate elevation strategy available for every type of user to effectively manage your endpoints. Admin By Request includes a comprehensive set of features that can be tailored to suit the unique requirements of different users or groups, ensuring a customizable approach to security. This flexibility allows organizations to maintain robust security while accommodating diverse workflows.

Application Control delivers exceptional security for applications and identity management across organizations of all sizes. Integrated within Check Point's Next Generation Firewalls (NGFW), this feature enables companies to create specific policies tailored to individual users or groups, aiding in the identification, prevention, or limitation of application and widget usage. Applications are classified based on various factors, including type, security risk, resource usage, and their potential influence on productivity. This capability allows for detailed monitoring of social networks and applications, ensuring that organizations can identify, approve, block, or limit their usage as needed. Leveraging a comprehensive global application library, Application Control simplifies policy development while also providing robust protection against threats and malware. Its integration with Next Generation Firewalls leads to a more cohesive security framework, which can help lower costs for organizations. Consequently, only authorized users and devices gain access to protected resources, thus enhancing the organization’s overall security posture. Furthermore, this comprehensive solution not only safeguards assets but also equips businesses with the tools necessary to effectively manage their application landscapes. This dual benefit of protection and management positions organizations to thrive in a secure digital environment.

Carbon Black App Control is a proactive application control solution that helps organizations protect their endpoints by preventing unauthorized applications and malware from executing. By using a policy-based model, the platform ensures that only trusted, authorized applications are allowed to run, which significantly reduces the potential for cyberattacks. The solution offers real-time protection and detailed reporting through a centralized management console, providing organizations with full visibility and control over their application environment. With Carbon Black App Control, businesses can prevent unauthorized changes, improve endpoint security, and ensure compliance with internal security policies and regulatory requirements.

The emergence of advanced persistent threats (APTs) that target critical control points, servers, and fixed devices through remote tactics or social engineering adds significant complexity to the security environment for organizations. Trellix Application Control is specifically crafted to counteract these cyber threats, enabling businesses to remain secure while also fostering productivity. By restricting operations to only those applications that are trusted on devices, servers, and desktops, it effectively protects the organization's infrastructure. In light of the growing need for flexible application usage in modern social and cloud-based business settings, Trellix Application Control allows firms to refine their whitelisting strategies, thus bolstering their threat prevention efforts. For applications that lack prior recognition, it provides IT teams with a range of options for facilitating the installation of new applications, including user notifications and self-approvals. Furthermore, it adeptly prevents unauthorized applications from executing, thereby disrupting zero-day vulnerabilities and APT attacks. Organizations can take advantage of inventory searches and predefined reports to quickly pinpoint and address vulnerabilities, compliance deficiencies, and security threats within their systems. This all-encompassing strategy not only strengthens security but also encourages a proactive approach to protecting essential business assets, ultimately ensuring long-term resilience against evolving cyber threats. The integration of such robust security measures is vital in today’s rapidly changing technological landscape.

PC Matic Pro utilizes application whitelisting as a crucial layer of defense that strengthens current endpoint security protocols. This zero trust methodology successfully deters hacking attempts and various cyber threats, effectively blocking the execution of malware, ransomware, and malicious scripts to provide strong protection for business data, users, and networks through its dedicated whitelist cybersecurity framework. Representing a noteworthy leap in the cybersecurity realm, PC Matic Pro exemplifies an essential shift toward holistic prevention strategies. In light of the escalating threats aimed at critical infrastructure, diverse industries, and government agencies, adopting such a proactive approach is vital. The software includes a patented default-deny security mechanism at the device level, which stops all unauthorized executions without complicating the workflow for IT teams. Unlike conventional security solutions, there is no requirement for customer infections to improve the whitelisting process. Additionally, organizations can implement local overrides after prevention with a focus on accuracy, allowing for a secure environment that mitigates the need for reactive measures against existing threats. This approach not only fortifies defenses but also adapts effortlessly to the constantly changing landscape of cyber risks, ensuring long-term resilience. Overall, PC Matic Pro stands out as an indispensable tool for organizations seeking to elevate their cybersecurity posture.

Navigating the current outsourcing environment poses challenges in determining who possesses privileged access to your systems. Surprisingly, individuals who are among the lowest earners in a company often receive the highest privileges, and there are instances where these individuals aren't even part of the organization. Osirium addresses this imbalance by empowering Managed Security Service Providers (MSSPs) to securely oversee a multitude of account credentials, facilitating safe outsourcing while meeting compliance requirements for their clientele. The authority wielded by these "admin" accounts is substantial since they can implement crucial modifications to systems, access essential corporate intellectual property, compromise personally identifiable information (PII), and shape the operational processes of customers, employees, and partners alike. Moreover, it is critical to protect other accounts, particularly those associated with corporate social media venues such as Facebook, Instagram, and LinkedIn, as any improper use could result in significant reputational damage. Given their prominence and influence, it is no surprise that these accounts attract the attention of cybercriminals eager to exploit weaknesses. Therefore, ensuring robust oversight and protection of these accounts is not merely advisable; it is vital for safeguarding both the integrity and reputation of the organization, ultimately contributing to its long-term success and stability.

Malicious actors are seeking to breach a wide range of computer networks. These attacks frequently focus on numerous Managed Service Providers (MSPs) and large organizations, which can lead to widespread repercussions for all their clients simultaneously. Investigations into these breaches have revealed that the perpetrators employed relatively simple techniques that could have been thwarted by the adoption of basic endpoint privilege management practices. Privileged Access Management (PAM) refers to a set of tools designed to manage, secure, monitor, and restrict privileged access within an organization’s digital ecosystem. Security protocols begin with controlling user access to their devices, highlighting the crucial need for effective privilege access management. Often, users with elevated permissions unintentionally reveal sensitive administrative data, making those with administrative rights a major internal security risk. By strengthening these access controls, organizations can substantially reduce their exposure to such threats, thereby enhancing their overall security posture. This proactive approach is essential for safeguarding valuable information and ensuring that sensitive operations remain secure from potential intrusions.

You have the ability to grant, restrict, or limit software access according to the user's department, role, and the time of day, simplifying the management of application usage throughout your network. Included in the WatchGuard Basic Security Suite, WatchGuard Application Control provides all the fundamental security services typically found in a UTM appliance, such as Intrusion Prevention Service, Gateway AntiVirus, URL filtering, application control, spam prevention, and reputation management. Moreover, it comes with centralized management features and improved visibility into your network, complemented by 24/7 support. This well-rounded strategy not only ensures strong protection but also facilitates effective supervision of your network's application environment. By leveraging these tools, organizations can maintain optimal security and control over their software resources, adapting easily to the changing demands of their operational landscape.

Transform the way IT services are delivered within your modern workplace setting. Achieve a streamlined approach to managing contemporary workplace operations and propel digital transformation initiatives by leveraging Microsoft Intune. Create a dynamic Microsoft 365 ecosystem that allows users to work on their chosen devices and applications, all while maintaining robust data protection. Securely manage a wide array of devices, including iOS, Android, Windows, and macOS, through a cohesive endpoint management solution. Boost the efficiency of deployment processes, provisioning, policy enforcement, app distribution, and updates by utilizing advanced automation techniques. Sustain a state-of-the-art, scalable cloud service framework that operates globally to ensure your systems remain up to date. Harness the capabilities of the intelligent cloud to derive crucial insights and set benchmarks for your security policies and configurations. Effectively safeguard sensitive information, particularly when employees or partners use devices that are not directly overseen by your organization to access work-related data. With Intune's app protection policies, you can exercise precise control over Office 365 information on mobile devices, thus upholding compliance and security standards. By embracing these advanced solutions, organizations can forge a resilient digital landscape that evolves alongside the changing demands of their workforce, ensuring adaptability and sustainability. Ultimately, this strategic approach not only enhances productivity but also reinforces the integrity of organizational data.

Ivanti is a comprehensive IT management platform that helps organizations automate, secure, and optimize their technology environments. With Unified Endpoint Management, Ivanti provides centralized, user-friendly control over all endpoints, enabling IT teams to manage devices seamlessly regardless of location. Their Enterprise Service Management suite enhances operational insights, streamlining workflows and reducing IT service disruptions for a better employee experience. Ivanti also delivers robust network security and exposure management solutions, helping businesses identify vulnerabilities and prioritize remediation efforts to strengthen cybersecurity defenses. Trusted by over 34,000 customers worldwide, including major brands such as Foxwoods Casino and Conair, Ivanti supports secure work-from-anywhere strategies that boost productivity and flexibility. The company regularly publishes research reports on key topics like cybersecurity posture, digital employee experience, and workplace technology trends. Ivanti’s customer advocacy initiatives demonstrate a commitment to partnership and success, with dedicated support teams ensuring clients achieve their goals. Their solutions are scalable and adaptable, fitting the needs of organizations of all sizes. Ivanti empowers IT leaders to turn visibility into actionable value, driving efficient and secure operations. Ultimately, Ivanti’s integrated approach helps businesses navigate the evolving digital landscape with confidence.

Managed Service Providers (MSPs) often find themselves needing to acquire various solutions to achieve comprehensive access governance. To address this pressing issue, we have integrated all essential modules into a singular, cohesive solution that tackles the most significant hurdles encountered by managed IT service providers. This approach not only enables MSPs to create ongoing revenue streams but also allows for the implementation of strong access controls. Through Just-In-Time (JIT) remote access, both employees and third-party vendors can be granted necessary permissions, while all activities are meticulously tracked and recorded for enhanced oversight. Moreover, minimizing the attack surface is crucial in mitigating both external and internal threats. By automating the provisioning of privileged access, the burden on helpdesk teams is alleviated, leading to less downtime. In addition, the establishment of efficient privileged-access workflows can significantly boost overall operational productivity. Ultimately, this unified solution empowers MSPs to enhance security while streamlining their processes effectively.

A Unified Endpoint Management system designed to be modular, scalable, and cost-effective, catering to IT administration, security, and workflow automation needs. Users can operate all modules from a single interface linked to one database. Currently, there are 18 modules to select from, with the flexibility to incorporate additional ones as required for tasks such as OS installation and cloning, patch management, vulnerability management, and mobile device management. This approach ensures that organizations can tailor their endpoint management solutions to fit their specific requirements efficiently.

The PolicyPak Platform presents various editions customized to meet the distinct management and security requirements of organizations. As the hybrid work model becomes increasingly prevalent, employees often access their desktops from multiple locations, such as their offices, homes, during travel, via kiosks, and in virtual environments. This variety in access creates substantial difficulties in managing and securing these settings, particularly since many existing management systems were not developed with today's scenarios in mind. PolicyPak tackles these challenges by delivering cutting-edge solutions that refine and update your current infrastructure. By incorporating PolicyPak with Active Directory, organizations can simplify the management and security of computers linked to Active Directory through the use of Microsoft Group Policy. While Microsoft Group Policy is a powerful tool that is frequently utilized, it necessitates enhancements to meet the management, security, reporting, and automation needs of modern enterprises effectively. With PolicyPak, businesses can not only overcome these obstacles but also successfully adapt to the evolving digital workspace, ensuring a more secure and efficient operational environment. This level of adaptability is essential for maintaining productivity and security in a rapidly changing technological landscape.