Application Lockdown

Procedure

1. Go to Agents → All.
2. Navigate to the target agent or group, and then go to its Policy page.

   Note For instructions on how to go to the Policy page, see Go to the Agent View for a single agent or Go to the Group Policy Screen for a group of agents.

3. Go to the Application Lockdown pane, and then toggle on Application Lockdown.

   Note See the Excluded Paths Settings, Trusted Hash Values Settings, and Write Protection Exclusions Settings for how to configure the exclusions for the Approved List.

4. If you enable Application Lockdown, the sub-features listed below will appear. Select to enable them if needed.
   • DLL/Driver Lockdown: Prevents unapproved DLLs or drivers from being loaded into the memory of protected endpoints.
   • Script Lockdown: Prevents unapproved script files from being run on protected endpoints.
   • Write Protection: Blocks modification and deletion of files, folders, and registry entries and optionally prevents write access to files in the Approved List.
   • Fileless Attack Prevention: Detects and blocks unapproved process chains and arguments that may lead to a fileless attack event.
   • Intelligent Runtime Learning: Allows runtime executable files that are generated by applications in the Approved List.