> ## Documentation Index > Fetch the complete documentation index at: https://docs.idemeum.com/llms.txt > Use this file to discover all available pages before exploring further. # Application fencing > Application fencing controls what applications can do once they are running. ## How application fencing works With application fencing you can control how your application interacts with other applications. Or in other words, what child processes / applications your current application is allowed to launch. When legitimate applications are launched, they are doing many things on your system, including other application launches. For instance when you launch `GitHub client` on Windows, it launches other applications such as `git.exe` on your system along with other things. However, certain behaviors need to be restricted, such as `Microsoft Word` document trying to launch `PowerShell`. ## Configure application fencing If you trust the application publisher / developer, the simplest way is to allow all child processes for that application. This way you do not have to manually track what application needs to install / launch. Idemeum allows you to create custom rules to explicitly allow or deny certain interactions. For instance, you can deny all applications for `notepad.exe`, or deny only `powershell.exe` for Microsoft Word while allowing to launch other Microsoft applications. * Navigate to your idemeum admin portal * Create a manual rule, rule from event, or edit any other idemeum catalog rule * Navigate to `Application fencing` section and choose `Custom rule` * Click `+` button to define custom rule * You can add as many application fencing allow or deny rules as you need * Save the configuration Clean Shot 2026 05 25 At 13 12 46@2x