https://community.checkpoint.com/t5/Endpoint/Blade-Actions-Hierarchy/m-p/96948#M2617 <P>Do the actions in Entire Organisation filter through to other rules?</P><P>For example, will the exclusions set in 'Anti-Malware &gt; Scan all files upon access' set for the Entire organisation be applied to the groups within other Anti-Malware rules.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BladeActionsHierarchy.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8088i0ACF798E071BE924/image-size/large?v=v2&amp;px=999" role="button" title="BladeActionsHierarchy.jpg" alt="BladeActionsHierarchy.jpg" /></span></P><P>To create a new action the previous shared action has to be cloned. If the actions from&nbsp;Entire organisation are passed down, should we then manually remove each cloned action?&nbsp;</P><P>&nbsp;</P> Thu, 17 Sep 2020 12:55:17 GMT 64Bit 2020-09-17T12:55:17Z https://community.checkpoint.com/t5/Endpoint/Blade-Actions-Hierarchy/m-p/96948#M2617 <P>Do the actions in Entire Organisation filter through to other rules?</P><P>For example, will the exclusions set in 'Anti-Malware &gt; Scan all files upon access' set for the Entire organisation be applied to the groups within other Anti-Malware rules.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BladeActionsHierarchy.jpg" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/8088i0ACF798E071BE924/image-size/large?v=v2&amp;px=999" role="button" title="BladeActionsHierarchy.jpg" alt="BladeActionsHierarchy.jpg" /></span></P><P>To create a new action the previous shared action has to be cloned. If the actions from&nbsp;Entire organisation are passed down, should we then manually remove each cloned action?&nbsp;</P><P>&nbsp;</P> Thu, 17 Sep 2020 12:55:17 GMT https://community.checkpoint.com/t5/Endpoint/Blade-Actions-Hierarchy/m-p/96948#M2617 64Bit 2020-09-17T12:55:17Z https://community.checkpoint.com/t5/Endpoint/Blade-Actions-Hierarchy/m-p/97135#M2627 <P>I believe only the most specific rule applies, but&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/9483">@Oren_Shalgi</a>&nbsp;can probably confirm.&nbsp;</P> Mon, 21 Sep 2020 05:12:17 GMT https://community.checkpoint.com/t5/Endpoint/Blade-Actions-Hierarchy/m-p/97135#M2627 PhoneBoy 2020-09-21T05:12:17Z https://community.checkpoint.com/t5/Endpoint/Blade-Actions-Hierarchy/m-p/97775#M2652 <P>Hi,</P> <P>&nbsp;</P> <P>Endpoint policy follows a first-match concept, with Entire Organization being the last one that is being matched.</P> <P>In SmartEndpoint we have the shared action concept so you can re-use the same action and its settings on different rules.</P> <P>You have indication of the name in bold when the action on that rule is different than the one for Entire Organization.</P> <P>In the example above the setting that will enforced on group CAD are those that are defined in "Scan all files upon access CAD". If you make changes to "Scan all files upon access" you should do the same changes on&nbsp;"Scan all files upon access CAD" for them to apply, or change the action on that rule to "Scan all files upon access".</P> <P>Hope it is clearer.</P> <P>&nbsp;</P> <P>Oren.</P> Tue, 29 Sep 2020 09:25:39 GMT https://community.checkpoint.com/t5/Endpoint/Blade-Actions-Hierarchy/m-p/97775#M2652 Oren_Shalgi 2020-09-29T09:25:39Z