If a program runs from Program Files, it is not blocked; if the same program runs from AppData\Local for example, it is blocked by DataGuard. Therefore, we recommend that in Windows you install software programs under Program Files. Windows has built-in security measures that make it harder for malware distributors to get into that location.
If a user asks you to allow an unsafe location and you allow it, then DataGuard allows everything in that specific location after that. This also applies to certain file names. For example, if a file in one location is replaced with another file that has the same name, DataGuard allows that file automatically.
When turned on, DataGuard automatically checks folders that contain user content such as documents. You can also manually add folders for DataGuard to check. Even though you can add paths based on individual user requests, we recommend that you use environment variables for Windows. For example, instead of adding c:\user\JohnSmith, use an environment variable %HOME%.