Application control exceptions

Exceptions allow the configured action for an application control to be overridden for specified users, groups of users, and roaming users.

On the Application Control tab, the exceptions to the default configuration are listed at the bottom of the page. Click an application to view exception rules that may apply.

On occasion you may want to add users to exceptions for policies they are not yet using or leave users in an exception list for a policy they no longer use. This allows you to set rules for users before they are moved between policies—for example, when policy assignment has been changed in an LDAP directory. If you add an unknown user or if the user belongs to another policy, you receive a message to this effect. You can save rules that include users in other policies as well. These users are shown in the exception list with a red asterisk.

The exceptions table provides the following summary information about each rule:

• The name assigned to the rule.
• The application to which the rule applies. It always applies to the application you are viewing, but this indicates whether it applies to other applications. If there are multiple applications in the exception, click the link to see the application list. Note that if this is the case, the exception is also listed when you select the other application(s).
• The users and groups to which the rule applies. If none are shown, it applies to all users of the policy.
• The action for the rule, and whether it applies only to roaming users.
• The state of the exception rule - on or off. You can change the rule’s state in this table by clicking the State switch.