ability to freeze hard drive but allow whitelisted things to make sticky changes

so basically freeze the hr drive but have 2 configurations.

  1. allow essential windows updates, cis to update, browsers and browser plugins and extensions like java, flash and adblockplus to update but don’t allow anything else to be installed even if it’s whitelisted

  2. same as 1 but allow whitelisted programs to be installed. so if it’s not whitelisted then prevent it from installing like AppGaurd or running for portable malware which i’m not sure if AppGaurd can prevent from running but you get the idea. i’m just using AppGaurd as an exmple. i’m not saying add a modual that behaves just like AppGaurd but take AppGaurds idea one step further

video for AppGaurd:

In general settings for defense+ there is an option that will “Block all unknown requests if the application is closed”. Explain how your request differs from this option.

i forgot all about that option. what if i had that option enabled and tried running a trusted app that was signed and then later on it updated but the vendor didn’t sign the new version for whatever reason, would the app no longer run since it’s not signed now or would i get an alert asking me if i want it to run