What must be created manually for programs located at the root of C:\ with frequently changing hashes?

For programs located in the root of C:\ that have frequently changing hashes, a custom application and policy must be created manually. This is necessary because standard security measures often rely on static characteristics, such as file hashes, to determine whether to allow or deny execution. However, if the hashes of these programs are changing frequently, they cannot be effectively managed with automated rules based on hash values.

Developing a custom application and policy enables precise control over what is allowed to execute, regardless of hash changes. This approach allows security teams to define explicit rules and parameters tailored to these specific applications, considering their behavior and operational context rather than relying solely on dynamic hashes that may cause legitimate applications to be blocked or misclassified.

On the other hand, a customer application policy typically refers to broader configurations that may not specifically address the unique challenges posed by frequently changing hashes. A default block policy is more about denying execution across the board rather than providing flexibility for specific use cases, and a backup policy is unrelated to the execution or management of application security in this context. Thus, creating a custom application and policy is essential to maintain operational continuity and security for programs that frequently change their characteristics.