Process Rules

About Process Rules

The Process node allows security control rules to be matched with specific requesting processes. Process rule sets allow you to manage an application's access to run child processes, which might otherwise be managed differently in other rules. You can add Allowed Items, Denied Items, and Privilege Management to the rule.

You can add files, folders, drives, file hashes, and Rule Collection items as managed items to the Allowed Items and Denied Items lists of a process rule set.

The Process rule set only manages the first level of child processes run by the application, not the children of child processes. The Process rule set does not manage the application itself. The application must be managed by other rules unless it is managed as a child process in another process rule.

The process rule set applies to the process that is attempting to start an application, load a component, or access a network resource. The process rule can allow certain applications to run but prohibit them from running when launched by specific processes.

  • You cannot have duplicate processes.
  • Rules are displayed in the order they are created and are not alphabetical.
  • Process rule names must be unique. You cannot create two process rules with the same name.
  • You cannot cut, copy and paste process rules.
  • You can change the state of a process rule by toggling between Disable and Enable.

Add a Process Rule Set

In the Application Control Configuration Editor navigate to Rule Sets > Process.

  1. Right-click and select Add Process Rule Set.
    A process rule set node is created.
  2. Rename the rule set with an intuitive name.
  3. Add required processes to the rule. See Add a Process to a Process Rule Set.
  4. Add the required executable control items and privilege management items. For further details, see Rule Set Executable Control and Rule Set Privileges Management.

Add a Process to a Process Rule Set

Use the Process Rule Set work area to add processes. The processes listed within this area are used during rules processing to match the rule to a request's process originator.

The first column displays the name of the process and the second column displays the description, if present. Double-click any process to display the properties.

  1. Select the process rule.
    The Process Rule work area displays.
  2. Right-click and select one of the following:
    • File
    • Folder
    • File Hash
    • Rule Collection

    The Add dialog displays.

You can add multiple processes at once, but you cannot have duplicate processes. You can drag and drop files from Windows Explorer or another file manager, and cut, copy, and paste.

Windows Installer Rule Set

The Windows Installer Rule Set is a default configuration setting and contains the following settings:

Process File - %SystemRoot%\System32\msiexec.exe and %SystemRoot%\syswow64\msiexec.exe

All EXE and DLL files are allowed to run when spawned by msiexec.
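
The sketch below is an added example, not the product's own logic or code from this page. It models the first-level-child behavior described under About Process Rules for the default Windows Installer rule set, run over constructed process-creation records. The field names (pid, ppid, image), the C:\Windows value for %SystemRoot%, and the verdict strings are assumptions.

```python
import ntpath
from fnmatch import fnmatchcase

# Assumption: %SystemRoot% resolves to C:\Windows on the audited host.
SYSTEM_ROOT = r"C:\Windows"

# The default Windows Installer rule set as described on this page.
WINDOWS_INSTALLER_RULE = {
    "processes": [r"%SystemRoot%\System32\msiexec.exe",
                  r"%SystemRoot%\syswow64\msiexec.exe"],
    "allowed": ["*.exe", "*.dll"],  # all EXE and DLL files
}

def norm(path):
    """Expand %SystemRoot% and fold case (Windows paths are case-insensitive)."""
    low = path.lower().replace("%systemroot%", SYSTEM_ROOT.lower())
    return ntpath.normpath(low)

def classify(events, rule):
    """Label each launch by whether the process rule set governs it.

    events: dicts with pid, ppid, image (hypothetical, Sysmon-like fields;
    PID reuse is ignored). Only the immediate parent is compared with the
    rule's process list, so children of child processes are never matched
    through an ancestor.
    """
    image_of = {e["pid"]: norm(e["image"]) for e in events}
    parents = {norm(p) for p in rule["processes"]}
    result = {}
    for e in events:
        if image_of.get(e["ppid"]) in parents:
            name = ntpath.basename(norm(e["image"]))
            hit = any(fnmatchcase(name, pat) for pat in rule["allowed"])
            result[e["pid"]] = "allowed by process rule" if hit else "no item matched"
        else:
            result[e["pid"]] = "outside process rule"
    return result

# Constructed sample: msiexec starts a helper, which starts another program.
SAMPLE = [
    {"pid": 50,  "ppid": 4,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 100, "ppid": 50,  "image": r"C:\Windows\System32\msiexec.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Temp\pkg\SetupHelper.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Temp\pkg\tool.exe"},
]

if __name__ == "__main__":
    for pid, verdict in classify(SAMPLE, WINDOWS_INSTALLER_RULE).items():
        print(pid, verdict)
```

In the sample, only pid 200 is covered by the rule set. msiexec.exe itself (pid 100) and the helper's own child (pid 300) fall to whatever other rules are configured.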

Related Topics

Rule Sets

Rule Collections