When Application Lockdown is turned on, the agent will only be able to access applications that are in the Approved List.
- Go to Agents > All.
-
Navigate to the target agent or group, and then go to
its Policy page.
Note:For instructions on how to go to the Policy page, see Go to the Agent View for a single agent or Go to the Group Policy Screen for a group of agents.
- Go to the Application Lockdown pane.
-
Three modes are avaible for selection:
-
Detect: When an application not in the Approved List launches, it is allowed and users will receive a notification.
-
Enforce: When an application not in the Approved List launches, it is blocked and users will receive a notification.
-
Disable: Application Lockdown is turned off.
Note:-
For how to configure exclusion settings for the Approved List, see Exception Paths Settings.
-
For how to configure trusted hash values settings for the Approved List, see Trusted Hash Values Settings.
-
-
If you enable the "Detect" mode or "Enforce" mode, the sub-features listed
below will appear. By default, the sub-features are enabled. Click the toggles
to disable them if needed.
-
DLL/Driver Lockdown: Prevents unapproved DLLs or drivers from being loaded into the memory of protected endpoints.
-
Script Lockdown: Prevents unapproved script files from being run on protected endpoints.
-
Intelligent Runtime Learning: Allows runtime executable files that are generated by applications in the Approved List.
-