Execution Blocking Precedence Options
Application Control establishes precedence rules for execution blocking default option settings.
The Execution Blocking option follows a special rule pattern. When Ivanti Device and Application Control is installed, the LocalSystem account and Administrators group are automatically set up in Non-blocking mode to simplify routine administration, allowing you to install, scan, and authorize files. After you create a central file authorization list, you must manually change the option back to Blocking mode.
The Execution Blocking order of precedence is: User > Group (including Everyone) > Global User Options > Machine > Global Machine. The first explicit (no asterisk, *) in the order is the one that is used. Default settings with an asterisk (*) do not have an effect on the order.
The following flowchart outlines the execution blocking precedence rules process.
Important: When the Local Authorization option is disabled, user access to all unauthorized applications is blocked, regardless of the Execution Blocking option value setting.