Application Lockdown

Procedure

1. Go to Agents → All.
2. Navigate to the target agent or group, and then go to its Policy page.

   Note For instructions on how to go to the Policy page, see Go to the Agent View for a single agent or Go to the Group Policy Screen for a group of agents.

3. Go to the Application Lockdown pane.
4. Three modes are avaible for selection:
   • Detect: When an application not in the Approved List launches, it is allowed and users will receive a notification.
   • Enforce: When an application not in the Approved List launches, it is blocked and users will receive a notification.
   • Disable: Application Lockdown is turned off.

   Note For how to configure exclusion settings for the Approved List, see Excluded Paths Settings and Trusted Hash Values Settings. For how to configure trusted hash values settings for the Approved List, see Trusted Hash Values Settings.

5. If you enable the "Detect" mode or "Enforce" mode, the sub-features listed below will appear. By default, the sub-features are enabled. Click the toggles to disable them if needed.
   • DLL/Driver Lockdown: Prevents unapproved DLLs or drivers from being loaded into the memory of protected endpoints.
   • Script Lockdown: Prevents unapproved script files from being run on protected endpoints.
   • Intelligent Runtime Learning: Allows runtime executable files that are generated by applications in the Approved List.