Access the Application Rules
Application Rules are applied to Application Groups. Application Rules can be used to enforce allowlisting, monitor, and assign privileges to groups of applications. They are a set of rules that apply to the applications listed in the Application Group.
You must have an Application Group before you can create an Application Rule.
Click Application Rules to view, create, or modify the following for each Application Rule:
| Option | Description |
|---|---|
| Target Application Group |
Select from the Application Groups list. |
| Action | Select from Allow Execution or Block Execution. This is what will happen if the application in the targeted Application Group is launched by the end user. Passive (No Change) is also an option in this dropdown on the macOS app rules. |
| End User Message | Select if a message will be displayed to the user when they launch the application. We recommend using Messages if you're blocking the execution of the application, so the end user has some feedback on why the application doesn't launch. |
| Auditing | |
| Raise an Event | Whether or not you want an event to be raised if this Application Rule is triggered. This will forward to the local event log file. |
| Trellix ePO Reporting Options | |
| ePO Threat Events | Select this option to raise an ePO Threat event. These are separate from Privilege Management for Mac reporting events. |
| Privilege Management Reporting | Select this option to raise a Privilege Management Reporting event. These are available in BeyondTrust Privilege Management Reporting. |
After you change the policy, click Submit and then Save to save the policy. In ePO 5.10 and later, if you have Trellix Approvals workflow enabled, this workflow can be modified to change the Save button to Submit for Review based on user permissions.
Application Rule Precedence
If you add more than one Application Rule to a Workstyle, entries that are higher in the list will have a higher precedence. Once an application matches an Application Rule, no further rules or Workstyles will be processed. If an application could match more than one Workstyle or rule, it is important that you order both your Workstyles and rules correctly. You can move Application Rules up and down to change the precedence.
For more information, please see Application Groups.
