This document has not been formally reviewed for accuracy and is provided "as is" for your convenience.
Summary
Answer
There are 2 solutions.
You can take the one you need or both.
Solution A: Enable two-way authentication check for both Controler and LG.
This solution can prevent the connection from the machines which do not have CA.
Steps(Both on LG and Controller machine):
1.Open m_agent_attribs.cfg (in <LR installer folder>\config)
2.Set ClientAuthentication="True" ServerAuthentication="Medium"
3.Restart magentproc.exe
Solution B: Enable SecurityModeOn.
This solution can prevent LR from opening none-LR processes.
Steps(Both on LG and Controller machine):
1.Open br_lnch_server.cfg (in <LR installer folder>\dat, <LR installer folder>\al_agent\dat, <LR installer folder>\launch_service\dat)
2.Set SecurityModeOn from 0 to 1
3.Restart magentproc.exe
Solution A is recommended.