Rapid Configs can contain actions that can be blocked. When you block such an action, you can select an appropriate notifier for that action.

Some rules within Rapid Configs can block actions a user takes. For example, several of the rules that make up the Browser Protection Rapid Config can block:

  • Execution of applications by browsers
  • Execution of applications that were downloaded from browsers
  • Registry modifications
  • Host file modifications

For each one of these actions, you can specify files and paths affected, and you can choose to do nothing, to report the action, or to block the actions matching those settings. If you choose to block them, a Notifier field appears in the panel. That field provides a menu of existing notifiers from which you can choose the appropriate one for each action. When a Rapid Config contains more than one action that can be blocked, you can choose different notifiers for each action you block or use the same one for all. You also can choose Block for some actions and Report or Do Nothing for others.

Tip: You can use the Notifier page to create a custom notifier for selection in the Notifier field. For example, you might create a notifier for the termination of a process hollowing executable for use in the Process Hollowing Protection Rapid Config. For information, see Endpoint Notifiers and Approval Requests in the App Control User Guide.

The Edit Rapid Config page showing the block and notifier fields selected in the Executbles settings and the Downloaded Executables settings