Yes, Cortex XDR Prevent's Restrictions profile works as you described -- I tested the setup last week. The issue is that it is a maintenance nightmare... it was not really designed with this in mind. You can stop all .EXE files from running from the user profile, but to allow some to run is based on the filename/hash. AppLocker should allow me to set up things so that .EXE files signed by GotoMeeting are allowed, but not others. Oh, and Microsoft keeps stuffing Office 365 stuff under the user profile like Teams, OneDrive, etc.