In Application Control's 'allow' mode, what is the primary function?

In Application Control's 'allow' mode, the primary function is to monitor and track changes based on a golden image. This mode is designed to ensure that only approved applications are allowed to run on a system. In this context, the golden image serves as a reference point for the system's current state, enabling the system to detect any deviations or unauthorized changes.

By establishing a baseline of approved applications and configurations through the golden image, organizations can maintain a secure environment while keeping track of any applications that attempt to execute without proper authorization. This monitoring capability is critical for ensuring compliance with security policies and maintaining the overall integrity of the system.

The other options address different functionalities that are not the primary focus of the 'allow' mode in Application Control. Blocking unauthorized applications, creating system backups, and performing real-time malware scans fall under different categories of application security and system management, but they do not encapsulate the core purpose of monitoring and tracking changes based on a golden image in this specific context.