Should a properly setup Application and Device Control policy prevent a logged on
user from creating a file in the specified folder? As a first-time test, I created an App policy to block the write attempt of a text file (c:\temp\*.txt). However, when I logon to the client I can still create a .txt file under c:\temp. The policy is enabled and set to production (I'm working in a VM test environment).
I'm just trying to test settings to see if a file can be blocked from being written in a certain folder. I'm not sure if the Application policy for File and Folder Access Attempts applies only to a
process that attempts to write a file; or if it will work by testing by a
user attempt to write a file. If it only works for a
process, then how do you test that it's working?
Attached is the test policy, any help is appreciated.