What does this control check?

The ForbiddenProcesses control checks for running programs or background services that violate your organization's security or compliance policies. A "process" is any program currently running on your computer, whether visible or in the background. The specific list of forbidden processes is configured by your IT team.

Important: Citadel will tell you which specific process(es) need to be stopped. Processes may be forbidden because they represent malware, unauthorized software, cryptocurrency miners, remote access tools, or applications that violate security policies. Some forbidden processes run invisibly in the background without your knowledge, consuming resources, monitoring your activities, or communicating with external servers.

Why is this important?

🦠

Malware Detection

Forbidden processes may indicate malware or potentially unwanted programs running on your device. Detecting and stopping these processes prevents damage and data theft.

👁️

Unauthorized Activity

Some processes run without your knowledge, potentially monitoring your activities, stealing credentials, or providing remote access to attackers.

⚠️

Policy Enforcement

Forbidden processes may represent unauthorized software, crypto miners, or tools that violate company policies and create security or legal risks for the organization.

How to fix this

Stopping Forbidden Processes on Windows

Step 1: Open Task Manager

  1. Press Ctrl + Shift + Esc to open Task Manager
  2. OR right-click the taskbar and select Task Manager
  3. If you see a simple view, click More details at the bottom

Step 2: Find and stop the forbidden process

  1. Look through the Processes tab for the forbidden process name
  2. OR use the search box in the top-right to search for the process
  3. Right-click on the forbidden process
  4. Select End task
  5. Click End process if prompted to confirm

Step 3: Prevent the process from restarting

Stopping a process is temporary - it may restart when you reboot or when its parent application runs. To permanently fix this:

  1. Identify which application is running the forbidden process
  2. Uninstall that application: Settings > Apps > Installed apps
  3. OR contact IT support if you're unsure what to do

⚠️ Important notes:
  • Don't end processes you don't recognize - some are essential Windows system processes
  • If the process immediately restarts, it may be malware - contact IT support
  • Citadel will tell you the specific process name - only end that one
  • Contact IT support if you need help identifying which app is causing the process

Stopping Forbidden Processes on macOS

Step 1: Open Activity Monitor

  1. Press Command + Space to open Spotlight
  2. Type Activity Monitor and press Enter
  3. OR navigate to Applications > Utilities > Activity Monitor

Step 2: Find and stop the forbidden process

  1. Use the search box in the top-right to search for the forbidden process name
  2. Click on the forbidden process to select it
  3. Click the X button (stop icon) in the toolbar
  4. Select Quit or Force Quit
  5. The process should disappear from the list

Step 3: Prevent the process from restarting

Stopping a process is temporary - it may restart when you reboot or when its parent application runs. To permanently fix this:

  1. Identify which application is running the forbidden process
  2. Uninstall that application by moving it from Applications to Trash
  3. OR contact IT support if you're unsure what to do

⚠️ Important notes:
  • Don't quit processes you don't recognize - some are essential macOS system processes
  • If the process immediately restarts, it may be malware - contact IT support
  • Citadel will tell you the specific process name - only quit that one
  • Contact IT support if you need help identifying which app is causing the process

Verifying the fix

After stopping the forbidden process, Citadel will automatically verify this control during its next check.

To verify the process is stopped on Windows:

  1. Open Task Manager (Ctrl + Shift + Esc)
  2. Go to the Processes tab
  3. Search for the process name using the search box
  4. The forbidden process should not appear in the list
  5. If it reappears after a few minutes, the parent application may need to be uninstalled

To verify the process is stopped on macOS:

  1. Open Activity Monitor
  2. Search for the process name in the search box
  3. The forbidden process should not appear in the results
  4. If it reappears after a few minutes, the parent application may need to be uninstalled
  5. Try restarting your Mac to see if the process stays gone
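
In the macOS Terminal, the same check can be scripted, and the output also covers the "identify which application is running the forbidden process" step by showing the parent process and the executable path. This is an added example, not part of Citadel; the function names and the sample process names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Citadel code). Finds a process by name and shows its parent.

# Constructed sample in "PID PPID COMMAND" form; all names are placeholders.
SAMPLE='  101     1 /Applications/Example.app/Contents/MacOS/Example
  202   101 /Applications/Example.app/Contents/Helpers/exampleminer
  303     1 /usr/sbin/cfprefsd
  404     1 /Applications/My App.app/Contents/MacOS/My App'

# snapshot: print "PID PPID COMMAND" for every process, without a header row.
snapshot() {
    ps -A -o pid= -o ppid= -o comm=
}

# find_forbidden NAME: read a snapshot on stdin and print one line per process
# whose executable name equals NAME (case-insensitive, directory part ignored).
# Returns 0 if at least one match was printed, 1 if the process is not running.
find_forbidden() {
    awk -v want="$1" '
        {
            pid = $1
            cmd = $0   # the command may contain spaces, so strip PID and PPID
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", cmd)
            cmds[pid] = cmd; parents[pid] = $2; order[++n] = pid
        }
        END {
            for (i = 1; i <= n; i++) {
                pid = order[i]; base = cmds[pid]
                sub(/.*\//, "", base)
                if (tolower(base) != tolower(want)) continue
                pp = parents[pid]
                pcmd = (pp in cmds) ? cmds[pp] : "unknown"
                printf "pid=%s parent_pid=%s parent=%s path=%s\n", pid, pp, pcmd, cmds[pid]
                found = 1
            }
            exit (found ? 0 : 1)
        }'
}

# Live use: snapshot | find_forbidden "name-reported-by-citadel"
```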