How Applications Launch Control rules work
The operation of Applications Launch Control rules is based on the following components:
Applications Launch Control rules can allow or deny the start of applications. Accordingly, they are called allowing or denying rules.
Applications Launch Control rules can be applied to executable files, scripts, and MSI packages.
Applications Launch Control rules regulate the launch of files that satisfy at least one trigger conditions specified in the rule settings. For example, executable files are signed with the specified digital certificate, have the specified SHA256 hash, are located at the specified path, match the specified command line arguments. You must add at least one rule triggering condition. Otherwise, the Application Launch Control rule is not added.
You can configure exclusions for the Applications Launch Control rule, which may be based on the same criteria as the rule triggering conditions. Exclusions to Applications Launch Control rules may be required for certain allowing rules: for example, if you want to allow users to start applications from the C:\Windows path, while blocking launch of the Regedit.exe file.
Applications Launch Control rules can control the start of specified applications by specified users and / or user groups.
When creating Applications Launch Control rules, we recommend making sure that the new rules do not block your operating system's applications from running.
Managing Applications Launch Control rules
You can perform the following actions with Applications Launch Control rules: