How to roll out an application control policy
By default, all applications and application types are allowed. We recommend that you introduce application control as follows:
By taking this approach, you avoid generating large numbers of alerts and blocking applications that your users may need. For more information on setting up application control policy, see the Sophos Enterprise Console help.
Note Application Control can be configured to block CScript.exe that is used by Patch.
If you use both Application Control and Patch, ensure that you do not block
Microsoft WSH CScript in the
Programming/Scripting tool category. By default,
programming and scripting tools are allowed.