...
Instead of putting an unknown application into an automatic blacklist, you can apply a flexible policy that includes one or more of the following actions:
- Running with demoted privileges
- Running read-only
- Notifying end users of corporate policy
- Running in a virtual layer
- Target internet-facing applications
By limiting an application’s impact to the operating system and other software, end users can use a piece of software and allow IT to review the software for black or white listing at a later date. At that later date a piece of software could be permanently allowed, denied for risk or legal reasons, or moved to a permanent orangelist.
...