The Policies page lets you create Blacklist policies and Whitelist policies for files and external computers. This page is also where you manage the policies that you created, as well as the policies that Symantec Advanced Threat Protection (ATP) creates when you take the Add to Blacklist or Add to Whitelist action while remediating incidents.
Only users with the Admin or Controller role can create Blacklist policies and Whitelist policies.
Table: Policy types
Blacklist: These are the files and external computers that ATP has not identified as a threat, but that you deem untrustworthy.
If you run ATP in inline block mode, ATP blocks users from accessing the external computers or files that you specify in your Blacklist policies. If you run ATP in tap mode or inline monitor mode, users can access items in your Blacklist. ATP generates an event when users attempt to access items in Blacklist policies regardless of which operation mode you use.