Version
7.0.0.x, below 7.0.1.1456.
Issue
When adding a "Ban by policy" rule for specific policies, the ban takes effect for the selected policies and may also take effect implicitly on policies that were not selected.
Symptoms
This is observed in the following scenarios:
- The hash that was banned on the selected policies is also blocked on endpoints that belong to the policies that were implicitly added to the rule.
- The history of the file (under Assets --> Files --> File details --> History) shows that the rule was added to the selected policies and also to additional policies that were not selected by the user.
Cause
The hash ban rule is also added to policies that were created as a clone of another policy.
Solution
Use the following workaround to resolve the issue:
- Remove the existing "hash ban" rule.
- Create a new policy from scratch (not a clone of another policy).
- Move the relevant endpoints from the old cloned policy to the new policy created from scratch.
- Create a 'ban by hash' rule for the selected policies. The new ban rule will take effect only on the selected policies.
Important Note(s)
This is fixed in 7.0.1.1561 P9.