Policy Rules

Expand Rules to do the following tasks:

Task	Steps
View list of rules assigned to this policy.	Rules assigned to the policy appear in the table below the Assign Rule button. Tip: Operating system applications considered safe by Certified Safe Software are allowed unless specifically blocked by a rule.
Assign rule to this policy.	Click Assign Rule, and then do one of the following: To select existing rules to assign to the policy, select Existing. The Assign Existing Rules to Policy screen appears. Select the rule or rules to assign and then click Assign Rules. To add a new rule and assign it to the policy, select one of the following rule types: New Allow To learn about granting additional "allow" rights to child processes, see About Trusted Sources. New Block To learn about available and default blocking methods, see About Blocking Methods. New Lockdown To learn about endpoint inventories related to "lockdown mode", see About Endpoint Inventories. The Add Rule screen appears. Edit the rule and then click Save & Assign. Note: Settings on the Add Rule screen that appears are identical to those displayed if you go to Management > Rules to add or edit a rule. See Add or Edit Rule Screen.
Remove selected rules from this policy.	Select the rule or rules in the list, click Remove Selected, and then click Remove Selected again. Rules removed from a policy are not deleted. To restore a rule, assign it to the policy again. To permanently delete a rule, use Delete Selected on the Rules Screen. See Rules Screen.

Task

Steps

View list of rules assigned to this policy.

Rules assigned to the policy appear in the table below the Assign Rule button.

Tip:

Operating system applications considered safe by Certified Safe Software are allowed unless specifically blocked by a rule.

Assign rule to this policy.

Click Assign Rule, and then do one of the following:

To select existing rules to assign to the policy, select Existing. The Assign Existing Rules to Policy screen appears. Select the rule or rules to assign and then click Assign Rules.
To add a new rule and assign it to the policy, select one of the following rule types:
- New Allow
  
  To learn about granting additional "allow" rights to child processes, see About Trusted Sources.
- New Block
  
  To learn about available and default blocking methods, see About Blocking Methods.
- New Lockdown
  
  To learn about endpoint inventories related to "lockdown mode", see About Endpoint Inventories.
The Add Rule screen appears. Edit the rule and then click Save & Assign.

Note:
Settings on the Add Rule screen that appears are identical to those displayed if you go to Management > Rules to add or edit a rule. See Add or Edit Rule Screen.

Remove selected rules from this policy.

Select the rule or rules in the list, click Remove Selected, and then click Remove Selected again.

Rules removed from a policy are not deleted. To restore a rule, assign it to the policy again. To permanently delete a rule, use Delete Selected on the Rules Screen. See Rules Screen.

Expand Rules to configure the following policy settings for matched users and endpoints:

Policy Setting	Details
Always allow all applications in the Windows directory (overrides block and lockdown rules)	By default, Endpoint Application Control allows all applications located in the Windows directory. This functions like an Allow rule for the Windows default path, overriding any Block or Lockdown rules. See About Rule Priority. To disable this feature, clear this check box.
Automatically apply Lockdown rules to endpoints while they are disconnected	Disconnected endpoints are unable to receive or apply new policies. By default, that means a disconnected endpoint continues applying its current policy. To automatically apply any Lockdown rules in this policy to endpoints that disconnect, select this check box.
Use the more compatible, less feature-rich, user-level blocking method	Kernel-level blocking prevents applications from starting by blocking file access. This provides greater security, but may unexpectedly block or momentarily delay access to certain files needed by allowed applications. User-level blocking allows applications to start and then stops them at the task level. This may be unable to stop certain applications after they start and is less feature-rich than kernel-level blocking. User-level blocking is unable to block link libraries (DLLs) and is unable to support the Trusted Source feature. To apply user-level blocking for matching policies, select this check box. Note: Trend Micro recommends user-level blocking only if you are having problems with kernel-level blocking. See About Blocking Methods. Only kernel-level blocking supports the Trusted Source feature. See About Trusted Sources.

Policy Setting

Details

Always allow all applications in the Windows directory (overrides block and lockdown rules)

By default, Endpoint Application Control allows all applications located in the Windows directory. This functions like an Allow rule for the Windows default path, overriding any Block or Lockdown rules.

See About Rule Priority.

To disable this feature, clear this check box.

Automatically apply Lockdown rules to endpoints while they are disconnected

Disconnected endpoints are unable to receive or apply new policies. By default, that means a disconnected endpoint continues applying its current policy.

To automatically apply any Lockdown rules in this policy to endpoints that disconnect, select this check box.

Use the more compatible, less feature-rich, user-level blocking method

Kernel-level blocking prevents applications from starting by blocking file access. This provides greater security, but may unexpectedly block or momentarily delay access to certain files needed by allowed applications.

User-level blocking allows applications to start and then stops them at the task level. This may be unable to stop certain applications after they start and is less feature-rich than kernel-level blocking. User-level blocking is unable to block link libraries (DLLs) and is unable to support the Trusted Source feature.

To apply user-level blocking for matching policies, select this check box.

Note:

Trend Micro recommends user-level blocking only if you are having problems with kernel-level blocking. See About Blocking Methods.

Only kernel-level blocking supports the Trusted Source feature. See About Trusted Sources.