Classic Mode: Go to SECURITY AGENTS and select a group. Click > Configure Policy.
Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.
Block
Block Mode uses the kernel-level blocking method to block applications before execution on your corporate endpoints. Kernel-level blocking prevents applications from starting by blocking file access. This provides greater security, but may unexpectedly block or momentarily delay access to certain files needed by allowed applications.
Lockdown
Before locking down an endpoint, Application Control scans the endpoint and creates a complete application inventory. Only applications that already exist in the inventory can execute on the endpoint. During Lockdown, Application Control prevents the execution of upgrade or installation packages.
Depending on the user's environment, the inventory scan can take several hours to complete. Periodically check the Application Control status on the Security Agent console. The inventory scan might also affect endpoint performance. Plan cautiously before applying Lockdown to any server.
Exclude applications by Trend Micro trusted vendors (Recommended): Select to automatically allow all applications that Trend Micro threat experts have determined come from trusted vendors
Exclude any process tree that originated from a Microsoft-signed program (including Windows Update): Select to automatically allow all applications and processes executed by a Microsoft-signed program
Trend Micro recommends enabling this setting to perform a Windows Update. After the update completes, Trend Micro highly recommends disabling this setting.
The Application Control Rules screen appears.
To create a rule, click Add Rule and select a rule type.
For more information on creating rules, see Configuring Application Control Rules.