Symantec maintains a worldwide blacklist of external computers and files that is updated regularly and integrated with Symantec Endpoint Detection and Response. You can supplement this list with policies for items that have not been identified as a threat but that you deem untrustworthy. Symantec EDR currently supports blacklists for Symantec EDR appliances only.
If you create a Blacklist policy through the EDR cloud console in the Cloud environment, that policy applies to all registered Symantec EDR appliances. You can also create a policy through the EDR cloud console for a specific appliance only. However, a policy that is applied to a specific appliance does not propagate back to the Cloud environment.
In the EDR appliance console, you must have the Admin role or Controller role to create policies. In the EDR cloud console, you must have Site Administrator, Customer Administrator, or Allow Remediation permissions.