Process/app started.
Trigger Process/Application Launched
Trigger Process/Application Launched allows monitoring and management of actions related to launching processes in the system. With detailed configuration it is possible to precisely block selected processes or applications, supporting enforcement of the organization's security policies.
Trigger configuration
Process mask
Defining processes to monitor: Specify any number of processes to be monitored or blocked. Each process must be entered individually, e.g.
chrome.exe, which will block only that process.Use of wildcards: You can use patterns such as:
chr*.exe– blocks all processes starting with "chr" (e.g.chrome.exe,chr123.exe).*abcd.exe– blocks all processes ending with "abcd.exe" (e.g. 123abcd.exe, testabcd.exe)
Multiple processes: It is possible to specify several processes at once. To configure the policy this way, each parameter must be entered on a separate line. Parameters must be separated by ENTER, e.g.:
chrome.exe opera.exe abcd.exe
NOTE: You cannot enter a rule that blocks all processes (e.g. *) and at the same time exclude individual ones (e.g. chrome.exe). Such a configuration would result in complete system shutdown and is not supported.
Example use
Blocking access to the CRM application for selected users
Objective: Prevent selected users from using the CRM application, which is normally launched on every computer. Configuration:
Process mask: Enter the CRM application process name, e.g.
crmapp.exe.Scope of action: Limit the rule to selected users or groups.
Effect: Selected users will not be able to launch the CRM application, while others will retain access to it.
Summary
Trigger Process/Application Launched enables effective management of access to applications and processes in the system. With flexible configuration options, such as process masks and patterns, rules can be precisely tailored to the organization's specific needs while minimizing the risk of security breaches.
Last updated
Was this helpful?