Application blocking allows you to enable or block applications from launching.

By default, once you enable application blocking, only applications from the Windows folder, C:\Program Files, and C:\Program Files (x86) are allowed to run. To fine-tune application blocking, you can further specify applications to allow or block based on path, hash, or publisher.

You can configure the following types of application blocking:

• Path-based. You can specify a path to a folder. Or, you can specify a fully qualified file name (the configured path includes the full path and file name of the executable).
• Hash-based. You can specify to allow or block based on a hash that matches a particular executable.
• Publisher-based. You can specify a publisher to allow, and executables associated with that publisher can launch. You cannot block applications by publisher.
  Note: If you configure multiple types of application blocking, it is important to understand the order in which they are evaluated. For more details, see Work with Multiple Types of Application Blocking.