In a mixed environment with Cloud Detection Service (CDS) and Endpoint Agents, All-in-One policies (used for both CDS and Endpoint) may not produce incidents at the Endpoint.
Release: 15.7 MP3
CDS rules used as exceptions are not supported at the Endpoint. FileReader will drop unsupported rules and send the remaining rules to the Endpoint Agent.
To accommodate detection for both CDS and Endpoint, the All-in-One policy needs to be separated into two policies in two different Policy Groups.
Consolidate the CDS-related detection rules and exceptions into one policy, and the Endpoint-related detection rules and exceptions into a second policy.
Assign the CDS policy to a CDS-branded Policy Group. Assign the Endpoint Policy Group to the appropriate Endpoint Servers.