Environment
- App Control Server: All Supported Versions
- App Control Agent: All Supported Versions
Question
How does Local Approval differ from Low Enforcement policy?
Answer
Low Enforcement:
- When you are not concerned about unknown files and only need to block files that you have specifically created a File Ban Rule for: use Low Enforcement.
- Low Enforcement, by default, will enforce banned files while allowing users to install software that is either Approved or Unapproved (neither banned nor approved).
- Although unapproved files are permitted to execute, you can monitor them and respond with Emergency Lockdown if necessary.
- Low Enforcement is available to any Policy with the Mode, Control.
Local Approval:
- Local Approval is reserved for system use, and cannot be chosen directly when creating a Policy, regardless of Mode.
- This Enforcement Level instructs the Agent to issue Local Approvals of any new software (files created during local approval), even for computers otherwise under High Enforcement.
- While in Local Approval the only active Device Control settings are: Block writes to banned removable devices and Block executes from banned removable devices.
Additional Notes
- Moving an Agent into Local Approval will require a Full Suite License (Visibility and Control). Environments with only a Visibility License cannot use Local Approval.
- More details about Local Approval can be found in the User Guide chapter, "Approving and Banning Software".
Related Content