About Rule Priority

Policies match applications to rule types in the following order:

  1. Allow

  2. Block

  3. Lockdown

For example, the following policy applies a Lockdown rule to matching users and endpoints. Lockdown rules allow users to start any non-blocked application already on an endpoint before the Lockdown rule is applied. But, in this example, the policy still blocks the Chrome web browser, because the policy processes the Block rule before the Lockdown rule.

Figure 1. Policy Example

Endpoint Application Control combines criteria from the same types of rules for processing. If different rules of the same type match the same application, the policy applies only the first matching rule using the following order of matching methods:

  1. Certified Safe Software and Endpoint Inventory Searches

  2. Certified Safe Software Selection List

  3. SHA-1 Hash Values

  4. File Paths

  5. Certificates