Application Control Rules and Rule Sets within an AC and DC policy
SEP RU2, Application and Device control policy, Application control Rule Sets... There are "Rules" and there are "Conditions". For each "condition" under each Rule in a Rule set, there are multiple choices for "Actions" under the Actions tab as follows:
1. Continue Processing Other Rules
2. Allow Access
3. Block Access
4. Terminate Process
In a way, that's not too difficult to get or understand, HOWEVER, I'm confused as to exactly when or where a couple of them could or should be applied, and what are the consequences.
For example, the last 3 are pretty simple if taken on their own, but number 1 tossed in there leaves me wondering if not understanding full impact is part of our problems here.
Let's say I have 10 rule sets (actually, that's pretty close) - each with a different purpose. In the top rule set, I have a situation where I block process abc from touching any files in folder xyz with xyz\*- but near the bottom tell it to not apply to THESE files and define those. Then in actions - I could choose BLOCK.
Does it STOP with that and not process any other rules in this set, or does it stop and not process any other rules or rule sets at all? And if I choose "continue processing other rules" - uh, what does it do then? I'm not telling it to block, I'm not telling it to allow, I'm not telling it anything at all, just "continue" - so what the heck is the point of "continue processing other rules" since you've got this great condition defined in a rule set - but you don't tell it to do anything at all, just "move along to the next rule please".
What exactly does it do if I choose #1?
And if I choose 2 or 3, does it allow or block and then simply stop since I can not ALSO tell it to continue on?!?!?
I have NEVER used "continue processing other rules" because hey, if I do, then I can't tell it to allow or block! So what's the point?
And if I choose allow or block, does it continue on or not? And if it stops with THAT rule of ALLOW or stops after a BLOCK, then where does it stop - in THAT rule set, or does it finish that rule set and then stop, never seeing the remaining rules?
I don't want IE to automatically install plugins, helpers and so on, but DO want it to allow one in particular - but with more rule sets and more rules, it's getting complex and things are not working - and worse, although we are sure it's SEP blocking this product, it's never logged