Use Process Rules to Restrict Access to FTP
You can use process rules to allow, for example, only certain applications to access FTP.
This task shows how to use process rules to allow only a particular application to access FTP ports 20 and 21. The first step is to create a group to specify the

- Select the Group Management node.
- Select Add Group on the Groups ribbon.
- Select and right-click the new group and select Rename.
- Rename the group with an intuitive name, for example, Specify FTP Ports.
- Select the Add Item drop-down arrow on the Groups ribbon and select Network Connection. The Add a Network Connection dialog displays.
- Specify the host in the Host field.
- Select the Ports button on the right-hand side of the Ports field. The Common Ports dialog displays.
- Select ports 20 and 21: FTP - Data Port and FTP - Control port, and click Add.
- Select the Text contains wildcard characters option and click Add.

- Select the top level Process rule node.
- Select the Add Rule drop-down arrow on the Rules ribbon and select Process Rule.
- Select and right-click the new process rule and select Rename.
- Give the rule an intuitive name, for example, Cannot access FTP.
- Right-click within the Processes work area, and select Add > File. The Add a File dialog displays.
- Enter * in the File field and click Add. This denotes that all files are blocked from accessing FTP ports 20 and 21. The use of
- Expand the new process rule node.
- Select the Denied Items node.
- Select the Add Item drop-down arrow and select Denied > Group. The Group selection for dialog box displays.
- Select the group created in the Create a Group procedure and click Add. This rule now prohibits all applications from accessing the FTP ports 20 and 21.

- Select the top level Process rule node.
- Select the Add Rule drop-down arrow on the Rules ribbon and select Process Rule.
- Select and right-click the new process rule and select Rename.
- Give the rule an intuitive name, for example, Can access FTP.
- In the Processes work area, right-click and select Add > File. The Add a File dialog displays.
- Browse to and select the file that you want to access FTP, for example, Internet Explorer.
- If required, expand the new process rule node.
- Select the Allowed Items node.
- Select the Add Item drop-down arrow and select Allowed > Group. The Group selection for dialog displays.
- Select the group created in the Create a Group procedure and click OK. This rule now allows the specified application to access the FTP ports 20 and 21.

- Expand the Group node and select BUILTIN\Administrators. The Group Rule work area displays.
- Drag the Security Level slider to Restricted.

Save the configuration. Only the application specified in the procedure can access FTP ports 20 and 21. All other applications cannot.