deviceTRUST 19.3.200 is now available. See the release notes for more information.

Policy category: Application Control

  1. Policy setting: Allow deviceTRUST triggers to change application availability
  2. Policy setting: Define who can change application availability

Policy setting: Allow deviceTRUST triggers to change application availability

Defines whether deviceTRUST triggers can change application availability.

This policy works together with the ‘Define who can change application availability’ policy, which can be used to allow SYSTEM or Local Administrator processes to change application availability.

  • When ENABLED, processes launched by deviceTRUST triggers can call dtcmd.exe to allow, deny or delete application rules.

  • When DISABLED, processes launched by deviceTRUST triggers are unable to call dtcmd.exe to allow, deny or delete application rules.

The default behavior is enabled.

Policy setting: Define who can change application availability

Determines whether SYSTEM or Elevated Processes can change application availability.

This policy works together with the ‘Allow deviceTRUST triggers to change application availability’ policy, which can be used to allow deviceTRUST triggered processes to change application availability.

  • When set to None, processes are unable to call dtcmd.exe to change application availability.

  • When set to ‘SYSTEM account’, allows any process running under the SYSTEM identity to change application availability by supplying the /session: option to dtcmd.exe.

  • When set to ‘Any elevated process’, allows any elevated administrative process to change application availability by supplying the /session: option to dtcmd.exe.

The default value is None.