# Process Application Control Policy Management Guide

**Overview**

To implement and manage Processes Control policies effectively, you must first activate the policy. Once activated, configure allowlisting to define which processes are permitted on specific computers or computer groups. Any process not explicitly allowlisted will be automatically blocked. Optionally, end-users can receive popup notifications when applications are blocked.

### **1. Activating the Policy**

Cybercyte agents operate based on assigned policies. To begin:

**Navigation:** `Rules & Policies` → `Policy Management` → `Windows Threat Monitoring`

<figure><img src="/files/s1oVxkf2qt6cQMZ1sfiE" alt=""><figcaption></figcaption></figure>

#### **1.1 Enable Reporting for Unknown Processes**

To identify running processes on agent-installed computers **before** implementing blocking:

* Select **"Report Unknown Processes Except Allow Listed"**
* This generates reports showing all non-allowlisted processes, enabling you to review and allowlist legitimate applications before enforcement.

#### **1.2 Enable Blocking for Unknown Processes**

To enforce restrictions:

* Select **"Terminate Process If Not Allow Listed"**
* This blocks all non-allowlisted processes on the computer.

#### **1.3 Enable User Notifications**

To notify end-users when applications are blocked:

* Select **"Notify User When Process Is Terminated"**
* A popup notification will display when a process is terminated due to policy violation.

<figure><img src="/files/D9O5f79VjHhnXoNDV96i" alt=""><figcaption></figcaption></figure>

### **2. Configuring Allowlisting**

To allowlist applications for end-user computers:

**Navigation:** `Analysis & Investigation` → `Artifact Analysis` → `Windows Artefacts` → `Windows Process Analysis`

<figure><img src="/files/EjucfpHzcSSg2I8xyEQo" alt=""><figcaption></figcaption></figure>

**Procedure:**

1. Locate the desired process
2. Right-click and select **"App. Control Management"**
3. Choose either:
   * **"Add to Host Process Allow List"** — for individual computers
   * **"Add to Group Process Allow List"** — for computer groups
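
The report-then-enforce sequence from sections 1.1 and 1.2, combined with the host and group allow lists above, as an added Python example (not Cybercyte code or API). It lists which reported processes would still be terminated once blocking is enabled. The data layout, host and group names, and matching on process name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. The field layout and the matching key are assumptions:
# the guide does not document a report format or how allow list entries are matched.
HOST_GROUPS = {"WS-001": {"finance"}, "WS-002": {"finance"}, "WS-003": {"engineering"}}
GROUP_ALLOW = {"finance": {"excel.exe"}, "engineering": {"excel.exe", "build.exe"}}
HOST_ALLOW = {"WS-001": {"ledger.exe"}}
REPORTED = [  # (host, process) rows collected while only reporting is enabled
    ("WS-001", "excel.exe"), ("WS-001", "ledger.exe"), ("WS-001", "report.exe"),
    ("WS-002", "ledger.exe"), ("WS-002", "report.exe"),
    ("WS-003", "build.exe"), ("WS-003", "tool.exe"),
]


def effective_allowlist(host):
    """Union of the host's own entries and those of every group it belongs to."""
    allowed = set(HOST_ALLOW.get(host, ()))
    for group in HOST_GROUPS.get(host, ()):
        allowed |= GROUP_ALLOW.get(group, set())
    return allowed


def would_be_terminated(reported):
    """Per host, reported processes with no host or group entry (default deny)."""
    blocked = defaultdict(set)
    for host, proc in reported:
        if proc not in effective_allowlist(host):
            blocked[host].add(proc)
    return dict(blocked)


def review_scope(blocked):
    """Where an entry would go if the reviewer judges the process legitimate."""
    hosts_by_proc = defaultdict(set)
    for host, procs in blocked.items():
        for proc in procs:
            hosts_by_proc[proc].add(host)
    scope = {}
    for proc, hosts in hosts_by_proc.items():
        shared = set.intersection(*(set(HOST_GROUPS.get(h, ())) for h in hosts))
        if len(hosts) > 1 and shared:
            scope[proc] = ("group", sorted(shared))
        else:
            scope[proc] = ("host", sorted(hosts))
    return scope


if __name__ == "__main__":
    gaps = would_be_terminated(REPORTED)
    print(gaps, review_scope(gaps))
```

An empty result from `would_be_terminated` means every process seen during the reporting period is covered by a host or group entry. A host entry on one computer does not cover the same process on another, which is why `ledger.exe` still appears for `WS-002`.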

<figure><img src="/files/dVrX4qZZd7ielBVC99OT" alt=""><figcaption></figcaption></figure>

### **3. Viewing and Managing Allowlisted Processes**

To review, modify, or remove allowlisted processes:

**Navigation:** `Rules & Policies` → `Artifact Classification` → `Host-Group Based Permission List`

<figure><img src="/files/yLtgKiOadTJld2URjJGU" alt=""><figcaption></figcaption></figure>

**Available Actions:**

* Click the **three-dot menu (⋯)** next to any process to:
  * Edit the entry
  * Remove from allowlist
  * Delete the rule

<figure><img src="/files/5kqnSqaIDcW2960YMMdO" alt=""><figcaption></figcaption></figure>

### **4. Listing Application Allowlist Rules per Computer**

To view or modify allowlist rules applied to a specific agent-installed computer:

**Navigation:** `Most Used` → `Asset Management`

**Procedure:**

1. Locate the target computer
2. Click the **"View Allow Listed Processes"** icon next to the hostname

<div align="center"><figure><img src="/files/91DR6QDMHZ4x47IrluJo" alt=""><figcaption></figcaption></figure></div>

A new tab opens displaying all allowlisted processes for that computer, where you can:

* View current rules
* Modify entries
* Remove processes
* Update configurations

<figure><img src="/files/vssHoEkd2qF9kMdJHWQA" alt=""><figcaption></figcaption></figure>

### **Quick Reference: Navigation Paths**


| Task                    | Navigation Path                                                                             |
| ----------------------- | ------------------------------------------------------------------------------------------- |
| Activate Policy         | Rules & Policies → Policy Management → Windows Threat Monitoring                            |
| Allowlist Processes     | Analysis & Investigation → Artifact Analysis → Windows Artefacts → Windows Process Analysis |
| Manage Allowlists       | Rules & Policies → Artifact Classification → Host-Group Based Permission List               |
| Computer-Specific Rules | Most Used → Asset Management → \[Computer] → View Allow Listed Processes                    |
| Blocked Processes       | Most Used → Asset Management → Application Control Management                               |


