Hardening privilege control mode
Most of the widely used programs are automatically placed in the Trusted category, because they either have a digital signature of the manufacturer, or are included in the KSN Allow list. This allows toughening the restrictions for the other programs: they can be automatically moved in the High Restricted orUntrusted category. In the latter case, KES will automatically block the start of unknown programs that have no digital signature and for which there are no allowing rules within the policy. If a program necessary for work is blocked, you can configure an exclusion for it.