Rule Example (Applications): Prevent software installation

Updated yesterday

Introduction

Unauthorized software installation poses significant security risks, including the introduction of malware, licensing violations, and the unauthorized use of company resources.

Teramind's Applications rules provide a direct and proactive method to prevent new software from being installed on monitored endpoints.

Rule Walkthrough

The example below shows you how to create an Applications rule to proactively block users from running known installer files.

Setting Up the Rule

General Settings

1. Assign a Rule Name. For example, “Block dangerous ports”.

2. Select a Parent Policy. For example, “Admin Policy”.

3. Select “Activity” for Rule Type.

4. Select “Applications” under “Select the type of activities”.

Employees

5. Turn on the Inherit targets from Parent Policy option to use the policy’s default targets.

6. Alternatively, turn it off and manually select the employees, departments and/or computers to target with the rule in the Assign to field.

7. Optionally, you can exclude targets in the Exclude from rule field.

Applications

8. Add two condition blocks by clicking the New Condition button two times. Then, configure the conditions as follows:

Condition 1

9. Add the Application name criterion by clicking the +Add button.

10. In the Application name field, specify the application names you want to block one by one. In this example, we used the most common setup and installation files such as "install.exe", "installer.exe", "setup.exe", "update.exe", "autorun.exe", "msiexec.exe". For each entry, use the Contains condition.

Condition 2

11. Add the Application name criterion by clicking the +Add button.

12. In the Application name field, specify the file types (extensions) that are typically used for installer packages or scripts. In this example, we used ".msi", ".cmd", ".bat", ".ps1". For each entry, use the Contains condition.

While we presented the application names and extensions in separate conditions above for clarity, you can combine them into a single condition block.

Actions

13. Select the Block action.

14. Optionally, add a message. For example, “Application installation is blocked.”

15. Optionally, turn on the Use HTML Template option to show the message in a visually appealing template.

Rationale for the Rule

The primary justification for implementing this rule is to mitigate security and compliance risks by establishing a Zero Trust approach to software installation.

The rule achieves this by using the Application Name criterion to build a blacklist that provides broad coverage against standard installation wrappers and unauthorized file types. It enforces the Block action, thereby preventing "Shadow IT" and maintaining stringent control over the corporate environment.
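
Before the Block action is enforced, the two conditions from the walkthrough can be dry-run against an application inventory to see which names the Contains terms catch beyond the intended installers. The Python below is an added example, not Teramind code; it assumes Contains behaves as a case-insensitive substring match on the application name, and the inventory entries are constructed.

```python
# Added example: dry-run of the rule's "Contains" terms over an application inventory.
# Assumption: "Contains" is a case-insensitive substring match on the application
# name as reported by the agent; confirm this against your own deployment.

NAME_TERMS = ["install.exe", "installer.exe", "setup.exe", "update.exe",
              "autorun.exe", "msiexec.exe"]    # Condition 1 in the walkthrough
EXT_TERMS = [".msi", ".cmd", ".bat", ".ps1"]   # Condition 2 in the walkthrough


def matching_terms(app_name, terms=NAME_TERMS + EXT_TERMS):
    """Return every rule term that occurs anywhere in the application name."""
    lowered = app_name.lower()
    return [t for t in terms if t in lowered]


def classify(app_name):
    """'allowed': no term hits. 'exact': the name equals a name term or ends
    with an extension term. 'broad': a term hits only as a partial match."""
    if not matching_terms(app_name):
        return "allowed"
    lowered = app_name.lower()
    exact = lowered in NAME_TERMS or any(lowered.endswith(e) for e in EXT_TERMS)
    return "exact" if exact else "broad"


def review_list(inventory):
    """Names the rule would block through a partial match, with the terms that
    caused it. These are the entries to check for unintended blocking."""
    return {n: matching_terms(n) for n in inventory if classify(n) == "broad"}


# Constructed sample inventory (hypothetical names, not from a real endpoint).
SAMPLE_INVENTORY = [
    "setup.exe",          # what the rule is meant to catch
    "vendor_tool.msi",    # installer package, caught by extension
    "uninstall.exe",      # contains "install.exe"
    "VendorUpdate.exe",   # contains "update.exe"
    "logon-script.bat",   # IT-managed script, caught by extension
    "trace.cmd.log",      # log file whose name contains ".cmd"
    "winword.exe",        # untouched by the rule
]

if __name__ == "__main__":
    for name in SAMPLE_INVENTORY:
        print(f"{name:20} {classify(name):8} {matching_terms(name)}")
    print("Review before enforcing Block:", review_list(SAMPLE_INVENTORY))
```

Entries in the review list, and exact matches on scripts that IT itself deploys, are candidates for the Exclude from rule field or for a narrower term.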