In addition to bans applied directly to specific files to prevent future execution, App Control provides many other methods and options.
The following list summarizes options for banning software:
- To prevent certain software from running on all computers or all computers in selected policies, create a File Ban rule for each file, which blocks it on all computers running in Control mode (or if you are running in High Enforcement, simply do not approve it). See File-Specific Rules: Approvals and Bans.
- When you have a list of hashes for unwanted files to ban, you can create bans for the entire list in a single operation. See Approving or Banning Lists of Files.
- When you want to ban all files from a particular publisher, ban the publisher. See Approving or Banning by Publisher. You can fine-tune publisher bans by banning a specific certificate from a publisher. See Using Certificates for Enforcement.
- When you have a special need for a rule to block or allow installation or execution of files in particular locations or by particular users or processes, create a Custom Rule that blocks execution. This is not a ban, but can act like a ban when conditions match its criteria. See Custom Software Rules.
- To ban currently running processes with banned images in addition to future attempts to execute a file, configure Policies to do so. See Enabling Bans to Stop Running Processes.
- To ban files when they are referenced in certain events, including malware reports from external notifications, create an Event Rule. See Event Rules.