For the base policy, use the sym_win_application_control_template.
- Add a custom program.
- Under your custom program, go to Settings > Resource Lists > Writable Resource Lists > Allow modifications to these files > List of files that can be modified
- Hit Add
- Use a wildcarded path to the resource (e.g. c:\MyApplication\data\*)
- Enter the path to the program that will be touching/changing these files (e.g. c:\MyApplication\ApplicationExecutable.exe)
- Enter a rule name (e.g. "AllowMyApplicationToChangeFiles")
- Test before placing in production to make sure that you have the correct executable and file path
This should block anyone from modifying the files, but allow your application to change the files.
Please note that this will only work if this is a hosted application that resides on the server that SCSP is installed on. If the application resides on another endpoint, then we cannot tell who (i.e. what application) is hitting the files.