Executables File Example

In this example we are creating a policy to deny running .msi files.

Creating the Policy

  1. Navigate to Computer Groups | Windows Computers.

  2. Select Application Policies.

  3. Click Create Policy.

  4. In the policy wizard select Controlling, click Next Step.

  5. In the policy wizard select Block, click Next Step.

  6. In the policy wizard select Notify and Block, click Next Step.

  7. In the policy wizard select Installer Packages, click Next Step.

  8. In the policy wizard select File Upload.

    1. On the Upload a File modal, Click Choose File.

      upload

    2. Select the file(s) you wish to be targeted. For this example we are selecting a TortoiseGit installer package.

      upload

    3. Click Upload File.

    4. On the Manage Application dialog, check File Name.

      manage app

      Select more details like the File Path or the Hash, if you want to make this policy more specific.

    5. Click Create Filter.

      filter

    6. Click Next Step.

  9. On the Finalize the Policy page, enter a name for your new policy. The policy will be created with a default priority of 10, since it is a deny and notify policy.

    create

  10. Click Create Policy.

    final

The policy wizard added based on the selected file upload and the file inventory that was executed and application target of Microsoft Installer Files.

A secondary file filter was added under Inclusions, identifying a specific file filter for the tortoisegit.msi execution.