What are the default policy options for managing unhandled applications?

The default policy options for managing unhandled applications typically focus on minimizing risk while ensuring some level of operational capability. The option of restricting access and detecting these applications is grounded in the principle of defense in depth.

Restricting access means that unhandled applications cannot execute or operate freely on the endpoints, which helps prevent potential security incidents that could arise from their execution. This is crucial in environments where unknown or untrusted applications could introduce vulnerabilities or compromise sensitive data.

The detection component allows security teams to be aware of these unhandled applications. By collecting data and monitoring their activities, organizations can better understand their endpoint environments and address potential security gaps or initiate further investigation into the behavior associated with those applications.

This combination of restricting access while allowing detection provides a balanced approach to security management. It not only reduces the immediate risk posed by potentially harmful applications but also supports continuous monitoring and improvement of security policies based on detected threats.