The Application and Device Control policy has two parts:
Application Control contains one or more rule sets. Each rule set contains one or more rules. You configure properties, conditions, and actions for each rule:
Rules define the application(s) that you want to monitor.
Conditions monitor specified operations for the application(s) defined in the rule. The condition also contains the actions to take when the specified operation is observed.
As you add the rules and conditions, you need to specify the specific properties of the condition and what actions to take when the condition is met. Each condition type has different properties.
Device control consists of a list of blocked devices and a list of devices that are excluded from blocking. You can add to these two lists and manage their contents.
Figure: Application and Device Control policy structure illustrates the application and device control components and how they relate to each other.