Application Control Policy

Application control lets you detect and block applications that are not a security threat, but that you decide are unsuitable for use in the office.

Go to My Products > Endpoint > Policies to control applications.

To set up a policy, do as follows:

• Create an Application Control policy. See Create or Edit a Policy.
• Open the policy's Settings tab and configure the policy as described below. Make sure the policy is turned on.

We recommend that you detect the applications being used on your network and then decide which to block, as follows.

1. In the Controlled Applications list, click Add/Edit List. This opens a dialog where you can see the categories of applications that you can control. Sophos supplies and updates the list.
2. Click an application category, for example Browser plug-in. A full list of the applications in that category is displayed in the right-hand table.
3. We recommend that you select the option Select all applications. You'll refine your selection later.
4. Click Save to List and repeat for each category you want to control.

Note If you want to control an application that isn't in the list supplied by Sophos, you can ask to have it added. Click the Application Control Request link at the bottom of the Settings tab.

1. Select Detect controlled applications during scheduled and on-demand scans.
2. Do not select any other options for now.

Application control uses the scheduled scans and the scanning options (which file types are scanned) that you set in Threat Protection settings.

1. Find the applications you want to use and clear the checkbox next to them. All other applications in the list are now controlled applications.
2. Select New applications added to this category by Sophos (optional). Any new applications that Sophos adds to this category later will automatically be added to your controlled list. Newer versions of applications already in your list will also be added.

Warning Only select this if you're sure you want to control applications in this category from now on.

Note When you turn on blocking, we won't log users trying to access controlled applications. Logging is only available with Allow the detected application, which is for monitoring purposes only.

Note If you switch off desktop messaging you will not see any notification messages related to Application Control.

1. Click in the message box and enter the text you want to add.

For more information about Application Control and the latest applications we add to the Controlled Application list, see Application Control.