My question is if any way to exclude write/change protection of specific file type (.bat, .cmd) in whole computer?
New or changed files still will be not runnable, but existing files can be changed or deleted.
based on the product strategy of Application Control my first consideration would be to unsolidify such files. Because any not solidified file is not protected by Application control.
Why do you want to exclude any *.bat or *.cmd file?
Thank you Troja for your response.
My customer try this solution and want to allow end users to modify/delete existing script files.
Are you know any way to unsolidify files by extensions?
have not tested this in such a way. :-)
This was not necessary in any Application Control Project.
Queston, is it possible to copy the *.bat and *.cmd files to a specific directory. If yes, you can configure a trusted directory as well.
If they allow the script files to be changed they are essentially new batch files.
From your description, sounds like they do not want the files to be renamed yet allow their contents to be changed.
Is that a fair assessment?