Adding and testing a rule that terminates a process

Process Explorer is a tool that displays the DLLs that processes have opened or loaded, and what resources the processes use. You can also use Process Explorer to terminate a process. You can add a rule that terminates Process Explorer if the user tries to use Process Explorer to terminate the Calculator application.
To add and test a rule that terminates a process
  1. To add a rule that terminates a process, open an Application Control policy, and on the Application Control pane, click Add.
  2. In the Application Control Rule Set dialog box, under the Rules list, click Add > Add Rule.
  3. On the Properties tab, in the Rule name text box, type Terminates Process Explorer if Process Explorer tries to terminate calc.exe.
  4. To the right of Apply this rule to the following processes, click Add.
  5. In the Add Process Definition dialog box, under Process name to match, type procexp.exe, and then click OK.
  6. In the Application Control Rule Set dialog box, under the Rules list, click Add > Add Condition > Terminate Process Attempts.
  7. On the Properties tab, in the Description text box, type dll stopped.
  8. To the right of Apply this rule to the following processes, click Add.
  9. In the Add Process Definition dialog box, in the text box in the Process name to match group box, type calc.exe, and then click OK.
  10. In the Application Control Rule Set dialog box, on the Actions tab, click Terminate process, Enable logging, and Notify user.
  11. Under Notify user, type If you try to terminate the calc from procexp, procexp terminates.
  12. Click OK twice, and assign the policy to a group.
    Test the rule.
  13. To test a rule that terminates a process, on the client computer, download and run a free version of the Process Explorer from the following URL:
  14. In Windows, open the Calculator.
  15. Open the Process Explorer.
  16. In the Process Explorer window, right-click the calc.exe process, and then click Kill Process.
    The Process Explorer is terminated.