Configuring Application Control Settings

  1. Go to the Configure Policy screen by performing one of the following:
    • Classic Mode: Go to SECURITY AGENTS and select a group. Click > Configure Policy.

    • Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.

  2. Click Windows.
  3. Go to Application Control.
  4. Under Application Control, enable the feature and configure the required settings.
  5. Select a mode to restrict applications.
    • Block

      Block Mode uses the kernel-level blocking method to block applications before execution on your corporate endpoints. Kernel-level blocking prevents applications from starting by blocking file access. This provides greater security, but may unexpectedly block or momentarily delay access to certain files needed by allowed applications.

    • Lockdown

      Before locking down an endpoint, Application Control scans the endpoint and creates a complete application inventory. Only applications that already exist in the inventory can execute on the endpoint. During Lockdown, Application Control prevents the execution of upgrade or installation packages.

      Depending on the user's environment, the inventory scan can take several hours to complete. Periodically check the Application Control status on the Security Agent console. The inventory scan might also affect endpoint performance. Plan cautiously before applying Lockdown to any server.

  6. If you select Lockdown, the following settings appear. Enable the required settings.
    • Exclude applications by Trend Micro trusted vendors (Recommended): Select to automatically allow all applications that Trend Micro threat experts have determined come from trusted vendors

    • Exclude any process tree that originated from a Microsoft-signed program (including Windows Update): Select to automatically allow all applications and processes executed by a Microsoft-signed program


      Trend Micro recommends enabling this setting to perform a Windows Update. After the update completes, Trend Micro highly recommends disabling this setting.

  7. Under Rules, click Assign Rules.

    The Application Control Rules screen appears.

  8. Assign rules to the policy and click OK.

    To create a rule, click Add Rule and select a rule type.

    For more information on creating rules, see Configuring Application Control Rules.

  9. Click Save.