6Application Blocking Policies
The Application Blocking feature of Host Intrusion Prevention manages a set of applications that you allow to run ((known as application creation) or bind (known as application hooking) with other applications.
This section describes the Application Blocking feature and includes the following topics:
Overview
Configuring the Application Blocking Options policy
Configuring the Application Blocking Rules policy
Overview
The Application Blocking feature enables or disables application blocking and configures application blocking rules. With application blocking you can set application creation blocking, application hooking blocking, or both. You can also indicate whether to keep application blocking rules created on clients manually or through the Adaptive or Learn modes.
Application creation
Block application creation when you want to prevent specific or unknown programs from running. For example, some Trojan horse attacks can run malicious applications on computers without the knowledge of the user. If you block application creation, you can prevent these attacks from succeeding by allowing only specific, legitimate applications to run. You can also enable automatic Adaptive mode or interactive Learn mode to dynamically build a set of allowed applications.
94