Application blocking allows you to enable or block applications from launching.
By default, once you enable application blocking, only applications from the Windows folder, C:\Program Files, and C:\Program Files (x86) are allowed to run. To fine-tune application blocking, you can further specify applications to allow or block based on path, hash, or publisher.
You can configure the following types of application blocking:
- Path-based. You can specify a path to a folder. Or, you can specify a fully qualified file name (the configured path includes the full path and file name of the executable).
- Hash-based. You can specify to allow or block based on a hash that matches a particular executable.
- Publisher-based. You can specify a publisher to allow, and executables associated with that publisher can launch. You cannot block applications by publisher.
Note: If you configure multiple types of application blocking, it is important to understand the order in which they are evaluated. For more details, see Work with Multiple Types of Application Blocking.