Environment
- App Control Console: All Supported Versions
- App Control Agent: All Supported Versions
Objective
Create an Event Rule to automatically restore an endpoint to normal Enforcement Level after remaining in Local Approval longer than desired.
Resolution
Part 1 of 2 - Configuring the Alert
Part 2 of 2 - Creating the Event Rule
This is a article attached image 
This is a article attached image
- Log in to the Console and navigate to Tools > Alerts > edit "Local Approval Alert".
- Set the General > Status: Enabled
- Set the Criteria > Time Period accordingly. (Default is 1 hour)
- Set the Auto Reset to use the following:
- Status: Enabled
- Reset After: 1 Minute
- Click Save & Exit
Part 2 of 2 - Creating the Event Rule
- Navigate to Rules > Event Rules > Create Rule.
- Use the following details:
- Rule Name: Restore Normal Enforcement (or something memorable)
- Status: Enabled
- Event Properties: Policy > is: Local Approval Policy
- Event Properties: Subtype > is: Alert triggered
- Action: Move Computer
- Target: Restore to Normal Enforcement Level
- Click Save & Exit
This is a article attached image This is a article attached imageAdditional Notes
- Each Event Rule is designed to work with one Trigger at a time.
- If multiple endpoints are moved from Normal to Local Approval at the same time, only one endpoint will count as the Trigger.
- Only the Triggered endpoint will be moved back to Normal Enforcement
- See Related Content below for further related info
Related Content
App Control: Why is Event Rule Not Restoring All Endpoints to Normal Enforcement?
App Control: Event Rule is Not Restoring All Endpoints to Normal Enforcement
App Control: Error Received When Selecting "Move Computer" As A New Event Rule Action
App Control: Event Rule is Not Restoring All Endpoints to Normal Enforcement
App Control: Error Received When Selecting "Move Computer" As A New Event Rule Action
Thank you for your feedback.
Your feedback has been submitted and will be reviewed.