February 3, 2026—Cyber Risk Exposure Management now allows you to designate local applications as trusted or untrusted and enable
auto-blocking of unwanted applications found on Windows endpoints in your environment.
In the local apps section of Attack Surface Discovery, set app status to trusted or untrusted based on your evaluation of their risk and
the context provided by Cyber Risk Exposure Management. Setting an app to untrusted increases the risk score of assets on which the application
is installed.
In addition, you can enable auto-blocking of all untrusted Windows applications that
have executable files associated with the applications. After enabling the feature,
the hashes of all executables associated with untrusted applications are forwarded
to Suspicious Object Management. Suspicious Object Management blocks execution of
the executable files on all Windows endpoints.
To enable auto-blocking, you must opt in to the auto-blocking public preview via Platform
Directory or directly within Local Apps. You must also enable Advanced Risk Telemetry
in Endpoint Security Policies.