When adding new exceptions, ensure that you do not block the ports used for communication between the Apex One server and Security Agents.
You can locate the listening ports used by the Apex One server and Security Agents as follows:
Server listening port: Go to Administration > Settings > Agent Connection. The port number is under Agent Connection Settings.
Security Agent listening port: Go to Agents > Agent Management > Status. The port number is under Basic Information.
Verify the name and full paths entered. Application exception does not support wildcards.
For example, if you chose to deny all network traffic (inbound and outbound) and type the IP address for a single endpoint on the network, then any Security Agent that has this exception in its policy cannot send or receive data to or from that IP address.
All IP addresses: Includes all IP addresses
Single IP address: Type an IPv4 or IPv6 address, or a host name.
Range (for IPv4 or IPv6): Type an IPv4 or IPv6 address range.
Range (for IPv6): Type an IPv6 address prefix and length.
Subnet mask: Type an IPv4 address and its subnet mask.
The Edit Exception Template screen appears with the new exception added.
Save Template Changes: Saves the current exception template list settings but does not apply the settings to existing policies
Save and Apply to Existing Policies: Saves the current exception template list settings and immediately applies the settings to all existing policies