Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This filter is 99.9% of the time used as a conditional filter for an application control policy to limit the policy to only apply to interactive users. It's recommended to use this filter when you use a broad scoping application control policy (such as any file with a system file owner for a Whitelist) that way you don't catch applications launched by system services/accounts, etc.

LocalSystem and service application filters

This filter is rarely used in environments. You would use this to target or limit application control policies to applications only launched by the Local System or Services.

Service application filters

Same as the filter above except it only targets any Service that gets executed.