How can I control what services.exe can launch?

Hi :slight_smile:
At the moment, it does not seem to be possible to control which executables / drivers can be launched by services.exe, which at present is allowed to run anything at all. >:(
What would be the best workaround for this?

I suppose I could delete the services.exe entry in predefined security policies → windows applications, and add it myself into the standard ruleset?

Go to administrative tools/services in Windows and you can select automatic/manual/disabled for any of the available services. This controls what services.exe is allowed to do.

Thanks, but that wasn’t what I meant. :slight_smile:

If i were to install a new program, and that program ran a service started by services.exe, the default configuration of defense+ will allow that to happen.
What I want to happen is for defense + to show an alert that says “services.exe is trying to start xyx123.exe”, or “services.exe is trying to load driver.sys”, and let me choose how to proceed.