"Ban by policy" rule takes effect on more policies than selected
7.0.0.x, below 220.127.116.116.
When adding a "Ban by policy" rule for specific policies, the ban takes effect for the selected policies and may also take effect implicitly on policies that were not selected.
This is observed in the following scenarios
The hash that was banned on the selected policies will be blocked also on endpoints that belong to the policies that were implicitly added to the rule.
When checking the history of the file (under: Assets --> Files --> File details --> History) it will show that the rule was added to the selected policies and also to the additional policies that were not selected by the user.
The hash ban rule will be added to policies that were created as a clone of another policy.
Use the following workaround to resolve the issue
Remove the existing "hash ban" rule.
Create a new policy from scratch (no clone of another policy)
Move the relevant endpoints from the old cloned policy to the new policy created from scratch.
Create a 'ban by hash' rule for the selected policies. The new ban rule will take effect only on the selected policies.