You can create or edit a blocking and isolation rule to deny or terminate processes and applications.
Procedure
On the left navigation pane, click Enforce > Policies.
Select a policy.
Click the Prevention tab and expand Blocking and Isolation.
Click Add application path, or click the Edit icon next to an existing rule to edit it.
When adding a path, use wildcards to specify files or directories. For an explanation of how wildcards work in policy paths, see Prevention Policy Settings. You can add multiple paths. Each path must start on a new line. Do not separate paths with commas.
You can delete a rule by clicking the Trash can icon. You cannot delete built-in rules such as Known malware or Suspected malware.
Select the Deny operation or Terminate process attributes.
Note: If you set the action to Terminate process, you cannot concurrently deny the operation.
Test a new rule's settings before applying it in your environment. Click Test rule for any setting. The system checks to see how the rule would have affected your organization over the last 30 days. You can use this data to confirm or modify your settings.
To apply the changes, click Confirm and then click Save.