Application control exceptions

Exceptions allow the configured action for an application control to be overridden for specified users, groups of users, and roaming users.

On the Application Control tab, the exceptions to the default configuration are listed at the bottom of the page. Click an application to view exception rules that may apply.

On occasion you may want to add users to exceptions for policies they are not yet using or leave users in an exception list for a policy they no longer use. This allows you to set rules for users before they are moved between policies—for example, when policy assignment has been changed in an LDAP directory. If you add an unknown user or if the user belongs to another policy, you receive a message to this effect. You can save rules that include users in other policies as well. These users are shown in the exception list with a red asterisk.

The exceptions table provides the following summary information about each rule:

The name assigned to the rule.

The application to which the rule applies. It always applies to the application you are viewing, but this indicates whether it applies to other applications. If there are multiple applications in the exception, click the link to see the application list. Note that if this is the case, the exception is also listed when you select the other application(s).

The users and groups to which the rule applies. If none are shown, it applies to all users of the policy.

The action for the rule, and whether it applies only to roaming users.

The state of the exception rule - on or off. You can change the rule's state in this table by clicking the State switch.

To create an exception rule:

On the Application Control tab, click a web application.

Click Add exception.

The rule State is set to ON by default, meaning the rule will be enabled for the users and groups you select. If you want to set up a rule but not enable it immediately, click the State switch to set it to OFF.

Enter a Name and Description for the rule.

Select the Action to apply from the drop-down list.

For an exception that should be applicable to roaming users only, mark Apply only when user is roaming.

Select the application to which the rule applies. To select multiple applications, use the Shift and/or Ctrl keys.

Enter or select the users and groups that will use the rule. You can also specify that the rule applies to all users and groups in the policy except the group you select.

Click Submit.