Excluding processes from access control

The access to Windows clipboard, screenshot capture, printers, and mobile devices is controlled through hooks injected into processes. If processes are not hooked, the access to these devices will not be controlled.

On the Exclusions page, you can specify a list of processes that will not be hooked. This means that clipboard (local and redirected), screenshot capture, printer, and mobile device access controls will not be applied to such processes.

For example, you applied a protection plan that denies access to printers, then started the Microsoft Word application. An attempt to print from this application will be blocked. But if you add the Microsoft Word process to the list of exclusions, then the application will not be hooked. As a result, printing from Microsoft Word will not be blocked, while printing from other applications will still be blocked.

To add processes to exclusions

1. Open the protection plan of a device for editing:

   Click the ellipsis (...) next to the name of the protection plan and select Edit.

   Device control must be enabled in the plan, so you can access the Device control settings.
2. Click the arrow next to the Device control switch to expand the settings, and then click the Exclusions row.
3. On the Exclusions page, in the Processes and folders row, click +Add.
4. Add the processes that you want to exclude from the access control.

   For example, C:\Folder\subfolder\process.exe.

   You can use wildcards:

   • * replaces any number of characters.
   • ? replaces one character.

   For example:

   C:\Folder\*

   *\Folder\SubFolder?\*

   *\process.exe

5. Click the check mark, and then click Done.
6. In the protection plan, click Save.
7. Restart the processes that you excluded to ensure that the hooks are properly removed.

The excluded processes will have access to clipboard, screenshot capture, printers, and mobile devices regardless of the access settings for those devices.

To remove a process from exclusions

Open the protection plan of a device for editing:

Click the ellipsis (...) next to the name of the protection plan and select Edit.

Device control must be enabled in the plan, so you can access the Device control settings.
1. Click the arrow next to the Device control switch to expand the settings, and then click the Exclusions row.
2. On the Exclusions page, click the trash can icon next to the process that you want to remove from the exclusions.
3. Click Done.
4. In the protection plan, click Save.
5. Restart the process to ensure that hooks are properly injected.

The access settings from the protection plan will be applied to the processes that you removed from the exclusions.

To edit a process in exclusions

1. Open the protection plan of a device for editing:

   Click the ellipsis (...) next to the name of the protection plan and select Edit.

   Device control must be enabled in the plan, so you can access the Device control settings.
2. Click the arrow next to the Device control switch to expand the settings, and then click the Exclusions row.
3. On the Exclusions page, click the Edit icon next to the process that you want to edit.
4. Apply the changes and click the check mark to confirm.
5. Click Done.
6. In the protection plan, click Save.
7. Restart the affected processes to ensure that your changes are applied correctly.