About Lockdown Allow Conditions

The following conditions allow applications to start after applying a Lockdown rule:

Time of Application Install

Conditions that Allow Application Start

Before Lockdown rule applied

All of the following conditions are true:

  • The application is already installed on the endpoint before applying the lockdown rule.

  • The application is not specifically blocked by a Block rule in the policy.

After Lockdown rule applied

One of the following conditions are true:

  • A Lockdown rule in the policy excludes the application from lockdown.

  • An Allow rule in the policy matches the application by using File Paths or Certificates.

  • The full policy was deployed, and an Allow rule in the policy matches the application by using Known application dynamic search, Certified Safe Software list, or SHA-1 hash values.

    See About Policy Deployment.

Allowing Applications Installed After Lockdown

To ensure that an Allow rule allows applications that the user installs after a Lockdown rule is applied, do one of the following:

  • Set the policy to "deploy the full policy".
    1. Go to the Add or Edit Policy screen.

      See Policies Screen.

    2. Click the name of the policy to edit.
    3. Expand Deployment.
    4. Under Deploy the full policy in the following conditions, select Endpoint starts applying lockdown rules.

      See Policy Deployment.

  • Set the Allow rule to use a method that does not match applications by their names or SHA-1 hash values.
    1. Go to the Add or Edit Rule screen.

      See Rules Screen.

    2. Click the name of the Allow rule to edit.
    3. Expand Allowed applications.
    4. Add applications using only File Paths or Certificates methods.

      To learn about the methods used to match applications, see Match Using File Paths and .Match Using Certificates.

  • Set the Lockdown rule to exclude the applications from lockdown.
    1. Go to the Add or Edit Lockdown Rule screen.

      See Rules Screen.

    2. Click the name of the Lockdown rule to edit.
    3. Expand Applications excluded from lockdown.
    4. Add the file using any method.