want some help with defense+

Hello ! Guys… :slight_smile:
I have some doubts regarding defense+ that i want to clear.

I have created a predefined custom policy to allow a group of programs to “inter process memory acess” and COM interface access to explorer.exe .
I have also allowed the group to execute some applications.

  1. Now there are some particular program in that group that i want to stop from executing the allowed application. How can i accomplish this task without having to define policy for each application individually.


2. what happens if there are multiple rules for the same program in defense+ , does defense+ consult all of them , what if the rules are contradicting to each other ? for example: suppose there are 3 entries for notepad. 1st rules allows the notepad from executing a program, 2nd entry denies it and 3rd rule is set to ask, how will defense+ behave in that case ? ???

sorry for my bad English
Thanks

Make a second group.

[quote[2. what happens if there are multiple rules for the same program in defense+ , does defense+ consult all of them , what if the rules are contradicting to each other ?
for example: suppose there are 3 entries for notepad. 1st rules allows the notepad from executing a program, 2nd entry denies it and 3rd rule is set to ask, how will defense+ behave in that case ? ???

sorry for my bad English
Thanks
[/quote]
Rules get read top → down. I never tested this scenario but I would think it may allow starting when it reaches the third rule.