The Extension Filtering feature is used to determine whether the configuration should check certain file types or if it should ignore certain file types. The default configuration in Application Control does not have any extension filtering configured and therefore all executable code - irrespective of file extension - is checked. This is the most secure option because nothing can get past the agent unless it has been expressly configured in the remainder of the rules.
Enable Extension Filtering in the Extension Filtering dialog, which you access via the Global Settings ribbon. The Extension Filtering dialog contains the following options:
- Exclude files with extensions in the list below - Select to ensure that Application Control rules do not apply to the file types listed in the Extensions list.
- Only check files with extensions in the list below - Select to ensure that Application Control rules apply only to the file types in the Extensions list. All other file types are allowed to execute normally.
Extensions - A list of file extensions to filter. You can add to and delete from the list.
Use the Add button to add the file extensions. Once the configuration is saved, the Application Control agent only checks the files with the specified extensions against the rules when execution requests occur against the computer that the configuration is deployed to.