After an agent finishes initialization and the existing files are locally approved, there is no event actions created in the console to track their execution.

• App Control Server: All Versions
• App Control Agent: All Versions

This is 100% by design.

During initialization the agent will locally approval all the files on disk to create a baseline approval for existing applications. This would then be considered expected executions and the agent will not create events to track these files unless one of the following changes:

1. A reputation change of the file marks it as malicious
2. A new rule changes the behavior and either blocks or prompts the execution of the file