The Files tab of the Software Rules page shows all of the approvals and bans created at your site for specific individual files. These rules identify specific files by hash or optionally by filename (for bans only).

File-Specific Rules: Approvals and Bans describes the fundamentals of file rules.

Unified approvals and bans can be created in the following ways:

• From the Software Rules Files tab, open the Add File Rule page and enter the hash for a single file. For bans, you also have the option of using the filename or a specific path. Manage Unified Rules from the Software Rules Page describes this procedure.
• To create a rule for a single file, from a File Details or File Instance Details page, select one of the approval or ban commands on the Actions menu
• In a table of files (for example, the File Catalog), you can check one or more files and select one of the approval or ban commands on the Action menu to create one or more rules.
  Note: On the File Rules tab, you can import a list of file hashes to create multiple approvals or bans at one time, even if the files represented by the hashes do not yet exist on a server. However, the import dialog box does not allow you to specify that these hashes are banned or approved on all servers under Unified Management. If you want to use important hashes for unified rules, you can first import the hashes to one server and then use the procedure described in Copy Rules to Other Servers.
• You can check boxes for one or more files on the Files page and use the Action menu to change their state. For a single file, the right menu on the File Details and File Instance Details pages provides the same options. These menus provide the following choices for unified management of file rules:
  • Approve Globally on all Unified Servers – Immediately creates a hash-based rule globally approving the file(s) for all computers managed by all unified servers – no configuration is necessary.
  • Ban Globally on all Unified Servers – Immediately creates an active hash ban for the file(s) on all computers managed by all unified servers – no configuration is necessary.
  • Approve by Policy – Opens the Add Rule page with Approval as the Rule Type, allows you to select policies and servers to which this rule applies, and lets you specify whether to allow local administrators to override this rule. You can edit other parameters, such as the rule name and its description.
  • Ban by Policy – Opens the Add Rule page with Ban as the Rule Type, allows you to select policies and servers to which this rule applies, and lets you specify whether to allow local administrators to override this rule. You can edit other parameters, such as choosing to make the rule a report-only ban.
  • Approve on Unified Servers – Opens the Copy Rules to Unified Servers wizard, on which you can select the servers and policies to which you want the file(s) approved, and also specify whether to allow local administrators to override this rule. No other rule parameters can be changed when you use this command.
  • Ban on Unified Servers – Opens the Copy Rules to Unified Servers wizard, on which you can select the servers and policies to which you want the file(s) banned, and also specify whether to allow local administrators to override this rule. No other rule parameters can be changed when you use this command.
  • Remove Approval or Ban from all Unified Servers – Opens the Delete Rule progress wizard, deletes the rule from all connected servers, and returns the file(s) to an unapproved state.

Once you create an approval or ban rule, it appears on the File Rules page. Once a file rule has been created, all of the other unified rule management functions, such as copying rules or making them local, use the procedures described in Manage Unified Rules from the Software Rules Page.