You can configure Endpoint Application Control rules and policies to dynamically update "Allowed application" lists based on the applications installed to a test endpoint maintained by your Endpoint Application Control administrator or IT department.
You can authorize IT administrators to intentionally install new applications on a test endpoint that trigger the "Block" action. Through use of the automatically added tags, the IT administrator can then create an "Allow" rule using the Known and dynamic search filter that searches for the policy-action and action-block tags. The agent dynamically updates the "Allow" list and allows all applications with the applied tags.
The Management > Rules screen appears.
The Management > Policies screen appears.
For example, select IP address from the drop-down and then type the IP address of the test endpoint.
Because the new application is not in the "Allowed applications" list, Endpoint Application Control tags the application with the policy-action and action-block tags.
The Management > Rules screen appears.
The Management > Policies screen appears.
Every time you install a new application on the test endpoint using the Enable "Policy action" log transfer to monitor applications with the Block action option, all endpoints dynamically update the allowed application list with the newly-installed application the next time the agent receives updated policy settings.