About Policy Deployment

After a user logs on to an endpoint, Endpoint Application Control evaluates the policy list in order to see if it matches the user or endpoint.

See About Rule Priority.

After matching a user or endpoint to a policy, user and endpoint matching stops and Endpoint Application Control deploys the policy by taking the following actions:

  1. The agent may perform an endpoint inventory.

    See About Endpoint Inventories.

  2. The agent identifies the current user.

  3. The server matches applications between the endpoint inventory and the rules in the policy.

    By default, Endpoint Application Control deploys policies that contain customized versions of rules. Customized versions of rules contain only the applications matched in each endpoint's inventory.

    See About Endpoint Inventories.

  4. The server deploys the policy.

  5. The agent applies the policy.

Deploying the Full Policy

During lockdown, if a user adds an application that was not on their endpoint during inventory, the application may be blocked even if it should be allowed. To always send the full list of applications, specify that the "full policy" be deployed.

To learn about other methods of allowing applications installed after lockdown, see About Lockdown Allow Conditions.

  1. Go to the Add or Edit Policy screen.

    See Policies Screen.

  2. Click the name of the policy to edit.
  3. Expand Deployment.
  4. Under Deploy the full policy in the following conditions, select Endpoint starts applying lockdown rules.

    See Policy Deployment.