Denied Items

About Denied Items

Denied Item nodes are sub-nodes automatically created in any Rule node when you create a new rule. They allow you to add items to which the groups, users and devices specified in the rule are refused access.

If you are using the default option, which trusts all locally installed Trusted Owner applications, you only need to add specific applications that you do not want users to run. For instance, you can add administrative tools, such as management and registry editing tools. 

You do not need to use this list to deny applications that are not owned by an administrator because they are blocked by trusted ownership checking.

Application Control drag and drop functionality can be used to add files, folders, drives and signature items from Windows Explorer or copy or move items between the Allowed Items node and Denied Items nodes in each of the main configuration nodes.

You can add the following items:

Add a Denied Item

To add an item, select the Denied Items node and click the Add Itemdrop-down arrow on the Rule Items ribbon, select Deniedand select the type of Denied Item you want to add.

This task prevents all users accessing an application on a network share:

  1. Select the Denied Items node in Rules > Group > Everyone.
  2. Click Add Item in the Rule Items ribbon and select Denied.
  3. Select the item that you want to make allowed, for example File.

  4. The Add a File dialog displays.

    Enter or browse for the file to be denied.

  5. The Substitute environment variables where possible checkbox is selected by default. If it is not selected, environment variables will not be replaced with a generic environment variable.
  6. Select Do not show access denied message when denied if you want to silently deny the item and not to display any warning message to the user.
  7. Select Ignore Audit Event filtering if you want to capture all events for this item regardless of what is set in Event filtering.
  8. The Item is added to the Denied Items work area.

If you want to disable a specific rule item, highlight the item, right-click and select Change State. This toggles between disable and enable. This can be useful when needing to trouble shoot with Support.

Remove a Denied Item

  1. Select the item to remove in the Denied Items node.
  2. In the Rule Items ribbon, click Remove Item.
  3. Click Yes in the confirmation dialog.

The item is removed from the node.

Related topics