Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR
In a program blocking settings profile, you configure the programs that will be blocked when they attempt to run. You can only assign program blocking settings to Windows workstations and servers.
In Advanced EPDR, you can also block malware and suspicious programs. For more information, go to Configure Advanced Security Policies (Windows Computers).
To increase the security of the Windows computers on the network, you can prevent the use of programs you consider dangerous or not compatible with the work of your organization. WatchGuard Endpoint Security blocks the programs you specify every time they try to run. Do not block programs that your computers require to work properly.
You cannot block programs required by WatchGuard Endpoint Security.
To configure program blocking:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- From the left pane, select Program Blocking.
- Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
The Add Settings or Edit Settings page opens. - Enter a Name and Description for the profile, if required.
- Enable the Enable Application Blocking toggle.
- In the text box, enter the names of the programs to block, separated by line breaks.
For example, type spotify.exe. Wildcards are not supported. - In the text box, enter the MD5 hash value of the executable file you want to block, separated by line breaks.
For more information, go to Calculate the MD5 of One or More Files. - To Notify computer users about blocked applications, enable the toggle.
A pop-up message appears on user computers when they try to run the blocked application. - (Optional) In the text box, specify a custom message to notify users that WatchGuard Endpoint Security blocked a program.
- Click Save.
- Select the profile and assign recipients, if required.
For more information, go to Assign a Settings Profile.