I am wondering if I am missing something or if this is a bug? I did not see it as a known bug when I went through the list.
We have multiple Block/Allow lists for ENS WC. Applying them using the System Tree causes no issues, but if I make a user PAR to apply an additional policy as multi-slot policy it does two things:
1) Overwrites the other WC Block/Allow lists (not merging with other multi-slot from the System Tree). I was not able to find an article for WC saying this is intended behavior but I know the user PARs can replace other policies like FRP keys).
2) The WC Block/Allow policy PAR causes the System Tree policy for Content Actions to be change to something else (maybe Default?). It no longer has any category blocking defined for the system. Anyone have a good thoughts on this? It seems more like a bug than anything but I still have not found good articles on how PARs apply in relation to the rest of the policies application methods.
ENS does not support multi-slot policy assignments. If you have a PAR, that will take precedence over system tree assignments and that is the policy that will be applied, not a combination of both.
The product guide for epo has a section on policy assignment rules. You can tell if a product is multi-slot capable by the behavior in the policy assignment section in system tree. When you assign a policy for a multi-slot product, when you click edit assignment, you will see policy1, policy2 sections, etc. where you can choose multiple policies. ENS or VSE is not multi-slot capable. So whatever policy is assigned, whether by system tree or PAR, that is the ONLY policy it will enforce.
It only affects the policy that the PAR specifies as for product, category, and policy name. So, if you have a WC par assignment and not a TP, the system tree assigned policy for wc will not be applied, but the par one will, whereas for tp, the system tree assigned will be applied.
There isn't any incompatibility for ens or any other product. I tested this on my test system. I created a par to assign 2 different policies for ens web control, which is multi-slot capable. I sent wakeup to system and when it reported back in after enforcing policies, I went to actions, directory management, view assigned policies for that system. It shows both assigned and applied via rule.
Endpoint Security Web Control
Block and Allow List
2 assignments: My Default, testMulti
So how exactly did you set up your par and what does your assigned policies show for that on a system you applied that to?
To get a par to honor multi-slot policies, you have to have all those policies in that par, as I sent you screenshot of. It will not apply both par and system tree assigned, it is either one or the other and if the par applies to the client, that is what gets assigned.