<div>
Thank you. Is there a way to do this in SCCM Endpoint Protection?
</div>


<div>
What I see is, that there are not settings in endpoint protection to include additional files into the scan.<br />
This would be the precondition that Endpoint Protection would be able to block additional files (beside what is defined in the signature files).<br />
So, if there are no settings, there is also nothing what can be setup via SCCM.<br />
SCCM only distributes the SCEPInstall.exe file to the clients and add / changes registry keys defined via the SCCM policies, which are stored in the local HKLM\Software\Policies\Mic<wbr />rosoft Antimalware hive.<br />
<br />
In my mind, it doesn't really make sense as it is already a build in functionality of the OS.
</div>


<div>
<div class="content wysiwyg-content">
Is there any way to block applications to run on client computers with SCCM EndPoint protection? what are the steps?
</div>
</div>


Is there any way to block applications to run on client computers with SCCM EndPoint protection? what are the steps?

SCCM EndPoint

Systems Center Configuration Manager (SCCM, formerly known as Systems Management Server) is Microsoft’s system software for managing large groups of not only Microsoft computers, but those running other operating systems, such as Linux, OS-X, and various mobile technologies.