deviceTRUST 19.2 is now available and includes the new macOS Client and an updated iOS Client. See the release notes for more information.

Policy category: Application Control

  1. Policy setting: Allow deviceTRUST triggers to change application availability
  2. Policy setting: Define who can change application availability

Policy setting: Allow deviceTRUST triggers to change application availability

Defines whether deviceTRUST triggers can change application availability.

This policy works together with the ‘Define who can change application availability’ policy, which can be used to allow SYSTEM or Local Administrator processes to change application availability.

  • When ENABLED, processes launched by deviceTRUST triggers can call dtcmd.exe to allow, deny or delete application rules.

  • When DISABLED, processes launched by deviceTRUST triggers are unable to call dtcmd.exe to allow, deny or delete application rules.

The default behavior is enabled.

Policy setting: Define who can change application availability

Determines whether SYSTEM or Elevated Processes can change application availability.

This policy works together with the ‘Allow deviceTRUST triggers to change application availability’ policy, which can be used to allow deviceTRUST triggered processes to change application availability.

  • When set to None, processes are unable to call dtcmd.exe to change application availability.

  • When set to ‘SYSTEM account’, allows any process running under the SYSTEM identity to change application availability by supplying the /session: option to dtcmd.exe.

  • When set to ‘Any elevated process’, allows any elevated administrative process to change application availability by supplying the /session: option to dtcmd.exe.

The default value is None.