Expand Rules to do the
following tasks:
|
Task
|
Steps
|
||
|
View list of rules assigned to this
policy.
|
Rules assigned to the policy
appear in the table below the Assign Rule
button.
|
||
|
Assign rule to this policy.
|
Click Assign
Rule, and then do one of the following:
|
||
|
Remove selected rules from this
policy.
|
Select the rule or rules in
the list, click Remove Selected, and then
click Remove Selected again.
|
Existing. The Assign Existing Rules to
Policy screen appears. Select the rule or
rules to assign and then click Assign
Rules.The following table outlines additional configuration options.
|
Policy Setting
|
Details
|
|
Always allow all
applications in the Windows directory (overrides block and
lockdown rules)
|
By default, Endpoint
Application Control allows all applications located in the
Windows directory. This functions like an Allow rule for the Windows default path, overriding
any Block or Lockdown rules.
|
|
Automatically apply
Lockdown rules to endpoints while they are
disconnected
|
Disconnected endpoints are
unable to receive or apply new policies. By default, that means
a disconnected endpoint continues applying its current
policy.
|
|
Enable protection against
suspicious objects (requires subscription to Apex
Central)
|
Endpoint Application Control
protects matched endpoints against suspicious objects.
|
|
Use the more
compatible, less feature-rich, user-level blocking
method
|
Kernel-level blocking prevents applications from
starting by blocking file access. This provides greater security, but may
unexpectedly block or momentarily delay access to certain files needed by allowed
applications. This feature is only supported on policies set to first match “User
and Group” criteria (excluding the “SYSTEM” account).
User-level blocking allows applications to start and
then stops them at the task level. This may be unable to stop certain applications
after they start and does not support the Trusted Source feature and blocking of
link libraries (DLLs) and Java interpreter applications.
|