I deployed an application blocking policy via the EPO to a server with the agent running on it--the policy was told to block everything. To test whether the agent blocked everything, we tried to install a new application on the server with the agent running on it--the agent should have blocked the application from being installed, but instead it just allowed the application installation. We can see the policy being deployed on the server. While watching the logs we see the following: "loading update from catalog.xml, Update list doesnt exist or is empty". I have the feeling that nothing is in the policies we are attempting to deploy.
We have tried this all ways: regular mode, adaptive mode, learned mode.
And we can't seem to view the rules which are created via the adaptive mode.
Can anyone point me in the right direction?
Application blocking in HIPS is a default deny, so once you enable application blocking it will block any application that you do not have an explicit rule set to allow. Check the local HIPS console and see if application blocking is enabled. If it is (because by default it is disabled), then the policy from EPO is enforcing fine and you should raise a query with the HIPS group.
If it is not, you may want to attach a copy of the agent log on an affected client for further review.