To block applications before execution, apply kernel-level blocking.
Kernel-level blocking prevents applications from starting by blocking file access. This provides greater security, but may unexpectedly block or momentarily delay access to certain files needed by allowed applications. This feature is only supported on policies set to first match “User and Group” criteria (excluding the “SYSTEM” account).
After Endpoint Application Control blocks or delays an application start using the kernel-level method, related notifications for the event may be displayed to the end-user.
Windows may display the following notification to end-users:
Endpoint Application Control is unable to hide this notification. If endpoint users may be confused by notifications and related requests for interaction, you can avoid this notification by applying user-level blocking instead. Consider the known limitations of user-level blocking before making this change.
Endpoint Application Control may display the following notification to end-users:
To hide this notification, go to the Add or Edit Policy screen, expand User experience, and then clear the Display notification popups check box.