One way to handle this would be add it to your anti-virus program as an unwanted program. It would stop the execution of that application. Someone else will need to chime-in from the iSeries side of the house.
If you’re users are locked down with valid user profile settings…. there’s no concern.
So what if the users can launch the app. A stripped down user account would only see his spooled files in Ops Nav. All of the scary stuff wouldn’t be authorized to run under their user profile.
In My humble Opinion the best way to isolated the use of the “scary stuff” in Ops Nav would be to use Application Administration. Port Restrictions at best should be used <ul> sparingly </ul> If you block the ports for Ops Nav nobody would be able to use it. Application Administration will allow to assign individual application functions to user profiles or groups and will provide a central point of administration. You can also use to enforce you FTP usage policies if you are not using exit programs. You Can access it from System i Navigator by right clicking on your i Series and selecting Application administration. Again I recommend you use the Application Administration <ul> sparingly </ul> otherwise you run the risk of locking yourself out. If you are looking for documentation I would give 1-800-IBM-Serve a call and open a software ticket. They can provide with good procedural documentation on how to use Application Administration effectively.