Prevent Read and Write to File Types or Network Locations

Scenario description

In this scenario, the end user has the following installed:

On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc

Once you are in Arellia select the Policies tab
Select Application Control > Policies
Right-click Policies and select New > Blank Application Control Policy

Configure the policy as follows:
- Name - "Write-protect Word documents in the Company Invoices directory"
- Description - Prevent Microsoft Word from having write access to, or creating new Word documents in the company invoices directory
- Apply to: - All Windows Computers with Application Control Agent Installed
- Under Application Actions Tab, check "Send policy feedback"
- Under Policy Enforcement Tab, check "Continue enforcing policies for child processes after enforcing this policy"
Under Applications to Control Tab, click the Include link, select MS Word in the Items Selector dialog, and click OK
Under Application Actions Tab, select Application Action and Select an Item
- Select Deny File Access and click OK
In the Deny File Access dialog, enter the following in the appropriate fields:
- Name - Prevent write access of Word documents to Company Invoice directory
- Path - C:\company invoices
- Mime type - Word document
Click Apply and close the dialog
In the Items Selector dialog, select the new Deny File Access Application Action, and click OK
Enable the policy and click Apply
In Microsoft Word, open C:\company invoices\invoice 101.doc. The file is read only and can't be modified

Create a new document and attempt to save it to c:\company invoices\. You will be unable to open it and will receive a File Permission error
Verify that a Word document can be created or modified in a different directory
In Microsoft Excel, save a spreadsheet to the same location as Step 1. The permissions are limited to Microsoft Word