Permissions and Enforcement Engine
Ceedo creates a temporary virtual user account – CWSuser – and runs designated applications under this account, ensuring complete separation between the isolated applications and the rest of the desktop environment at the user session and NTFS permissions level. This allows applications to have their own read and write permissions, network and resource access, etc., which differ from that of the logged on user.
Process and Signature Enforcement:
Ceedo has an integrated process and signature enforcement engine that, based on various rules, can prevent any unsigned process from running, stop processes with specific certificates from running, stop specific process names from running (with and without MD5), and more.