How to write this rule?

Excuse me, I have a question.
To make it easy, for example, if I allow pp.exe to execute C:* except cmd.exe, how to set this rule?
I tried a rule like “allow c:*, block cmd.exe”, but it’s a failure to do so.

When you set D+ to Safe mode you will get pop ups for when an application starts another application. You can then decide to allow or block and to remember the answer or not.

DEFENSE+ > Advanced > Computer Security Policy CLICK
Now scroll down in the “application name” list to the file called ((path) + “pp.exe”)

Press EDIT.
Chose “Use a Custom Policy”.

Next Click “Access Rights”.
At “Run an executable” chose “default action = ASK”.

And click at modify under settings, click blocked applications.
Click Add> Browse… and find the cmd.exe file and add it here.

And under allowed applications chose add> File Groups > All Applications!

Should work now. :BNC Hopefully. (:LOV)

EDIT:: didn’t see EricJH’s post, That way could be simpler! Anyway, hope you solve it… If you already have a allow rule or deny rules for this “pp.exe” file you might however want to remove them first and then run the program in safe mode/paranoid mode.