The ePO policy has rules to Allow/Block network traffic. The client has a BLOCK ALL rule at the bottom of the policy. Any network traffic not allowed via ePO policy, will be automatically Blocked by the client. This is the reason why you don't need a BLOCK ALL rule at the bottom of the ePO policy, but some people prefer to see it in the policy anyways.
You can view this bi-directional block all rule at the bottom of the Host IPS 8.0 Client UI Firewall policy: Block All Traffic.
yes I found out under Client UI that at the bottom is Block All rule that catch everything else. I was a little confused about logic Enable / Disable rule and the fact that you could also create a block rule due to the fact that bottom rule block everything else
Thanks for help Kary !