Policy Rules

View list of rules assigned to this policy.

Rules assigned to the policy appear in the table below the Assign Rule button.

Assign rule to this policy.

Click Assign Rule, and then do one of the following:

• To select existing rules to assign to the policy, select Existing. The Assign Existing Rules to Policy screen appears. Select the rule or rules to assign and then click Assign Rules.

Remove selected rules from this policy.

Select the rule or rules in the list, click Remove Selected, and then click Remove Selected again.

Always allow all applications in the Windows directory (overrides block and lockdown rules)

By default, Endpoint Application Control allows all applications located in the Windows directory. This functions like an Allow rule for the Windows default path, overriding any Block or Lockdown rules.

Automatically apply Lockdown rules to endpoints while they are disconnected

Disconnected endpoints are unable to receive or apply new policies. By default, that means a disconnected endpoint continues applying its current policy.

Enable protection against suspicious objects (requires subscription to Apex Central)

Endpoint Application Control protects matched endpoints against suspicious objects.

Use the more compatible, less feature-rich, user-level blocking method

Kernel-level blocking prevents applications from starting by blocking file access. This provides greater security, but may unexpectedly block or momentarily delay access to certain files needed by allowed applications. This feature is only supported on policies set to first match “User and Group” criteria (excluding the “SYSTEM” account).

User-level blocking allows applications to start and then stops them at the task level. This may be unable to stop certain applications after they start and does not support the Trusted Source feature and blocking of link libraries (DLLs) and Java interpreter applications.