Retroactively Issue Local Approvals

Article ID: 375219

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to issue a Local Approval for a file that has already been written, with examples.

Resolution

Issuing via Files on Computers:

  1. Navigate to Assets > Files > Files on Computers > Filters > Add Filters:
    • File Path > begins with: <relevant Path>
    • Local State > is: Unapproved
    • Computer > is: <relevant Computer>
  2. Click Apply
  3. Select one or more of the filtered files
  4. Action > Locally Approve

Issuing via Event Rule:

NOTE: These should only be used temporarily and with a specific timeframe in mind. Event Rules can add to Server overhead and in some instances could cause performance issues.

  1. Navigate to Rules > Event Rules > Create Rule
  2. Specify a relevant Rule Name, Description, and Status
  3. Choose the relevant Properties for Event, File and Process.
    • Pay attention to which condition each Filter uses (AND vs. OR)
    • Filters should be tailored for the current situation based on available and relevant data in Reports > Events.
  4. The following is an example for Blocked Files where the Process writing the file is currently unknown/unavailable:
    • Rule Name: Retroactive Local Approval for Accounting
    • Status: Enabled
    • Event Properties:
      • Policy > is: Workstation-Accounting-HE
      • Subtype > is: Execution block (unapproved file)
    • File Properties:
      • First Seen Path > begins with: C:\Program Files (x86)\Accounting Software\
    • Process Properties:
      • First Seen Name > is: AcctngDashboard.exe
      • Publisher > is: Accounting Software, INC.
    • Action:
      • Change local file state > Approve
      • Resolve Related Approval Request: Checked
  5. Choose Save.
  6. From the right-hand menu > Advanced > Re-apply rule > choose the relevant timeframe, for example:
    • Re-apply to past 2 Hour(s) of events
  7. This will instruct the Server to review all Events received in the timeframe and re-apply the Event Rule.
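
A dry run of the example rule above, added here as an illustration (it is not Broadcom's code and does not use the product's API): it applies the same filters, all joined with AND, to constructed event records to preview which files a re-apply over the past 2 hours would approve. The field names, the sample events and the case-insensitive path comparison are assumptions.

```python
from datetime import datetime, timedelta

# Filter values copied from the example rule; the key names are hypothetical,
# not the product's event schema.
RULE = {
    "policy": "Workstation-Accounting-HE",
    "subtype": "Execution block (unapproved file)",
    "path_prefix": "C:\\Program Files (x86)\\Accounting Software\\",
    "process_name": "AcctngDashboard.exe",
    "process_publisher": "Accounting Software, INC.",
}

def matches(event, rule=RULE):
    """True only if every filter matches (all conditions joined with AND)."""
    return (
        event["policy"] == rule["policy"]
        and event["subtype"] == rule["subtype"]
        # Assumption: the "begins with" path filter ignores case.
        and event["path"].lower().startswith(rule["path_prefix"].lower())
        and event["process_name"] == rule["process_name"]
        and event["process_publisher"] == rule["process_publisher"]
    )

def preview_reapply(events, now, hours=2, rule=RULE):
    """Return the paths the rule would approve if re-applied to the past `hours`."""
    cutoff = now - timedelta(hours=hours)
    return sorted({e["path"] for e in events
                   if cutoff <= e["time"] <= now and matches(e, rule)})

# Constructed sample events (not real product output).
NOW = datetime(2024, 1, 15, 12, 0)
BASE = "C:\\Program Files (x86)\\"

def _ev(minutes_ago, path, policy=RULE["policy"], process=RULE["process_name"]):
    return {"time": NOW - timedelta(minutes=minutes_ago), "path": path,
            "policy": policy, "subtype": RULE["subtype"],
            "process_name": process,
            "process_publisher": RULE["process_publisher"]}

SAMPLE = [
    _ev(30, BASE + "Accounting Software\\bin\\report.dll"),   # in scope
    _ev(200, BASE + "Accounting Software\\bin\\old.dll"),     # outside the 2 h window
    _ev(10, BASE + "Accounting Software Tools\\helper.exe"),  # sibling directory
    _ev(5, BASE + "Accounting Software\\bin\\x.dll", process="setup.exe"),
    _ev(15, BASE + "Accounting Software\\bin\\y.dll", policy="Servers"),
]

if __name__ == "__main__":
    for path in preview_reapply(SAMPLE, NOW):
        print("would approve:", path)
```

The sibling directory "Accounting Software Tools" is excluded only because the path prefix ends with a backslash; without it the begins-with filter would cover that directory as well.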