...
To include a Process Security Descriptor action in an Application Control policy, you must create a security descriptor and a process security action.
Create a Security Descriptor
The Security Descriptor defines who has what rights to the process that is started. As shown in the following screenshot, you can create a new Process Security Descriptor by clicking Security Descriptors - User Defined.
...
For detailed instructions about how to create a security descriptor, go to Security Descriptorsdescriptors.
Create a Process Security Action
A Process Security Descriptor action applies restrictions to the process. To create a Process Security Descriptor action, do the following steps:
...
The new action appears in the list of actions available in the Process Security folder. It is now available to include in an Application Control policy. For details about creating an Application Control policy, go to Create Application Control Policiespolicies.