The availability of an application can be authorized, for example, based on a Locations and Devices zone. Once an application is running in a user session, it can remain active if the user shuts down the computer without logging off from the session. Then, if the user logs on from another computer outside of the zone that authorized the application, the application may still remain active despite its lack of authorization. Similarly, the application may remain active even if the user is no longer a member of the Active Directory group that was the basis for the user's access to that application.
You can configure the default behavior for applications in such situations at Security > Applications.
With the setting If running application is no longer authorized, terminate application, the application is terminated immediately (and abruptly) as soon a change in circumstances or configuration causes the user's authorization to disappear.
If this is not necessary or desirable, for example because the application must be closed down correctly in order to prevent data loss, you can choose If running application is no longer authorized, do nothing.
The option Default behavior if running application is no longer authorized evaluates an application's file hash as well.
To set different behavior for an individual application, open the application at Composition > Applications and change the setting on the tab Security > Authorized Files.