Application level

If you add a new application, it is not necessary to set Applications security to learning mode on global level, because this jeopardizes the existing security of the user workspace. Instead, it is sufficient to set only the new application to learning mode. The workspace remains secured, because only executables launched by the application will be allowed. Because these executables can be logged as a security event, this allows you to create application-specific exceptions.

If Applications security is enabled, the authorized files configured for a specific application will, by default, be enforced. You can configure authorized files for an application at Managed Applications on the application's Security > Authorized Files tab. See Authorizing files and folders.

If the user is allowed to use the "cmd" command, any attempts to start executables will be blocked (e.g. a ping command). If necessary, you can authorize additional executables at application level.