Sophos Central Endpoint Protection - Application Policy Status "bypassed"

Slider states: 

Policy is bypassed

None of the settings of this policy will be applied to assigned targets. They will get their settings from the highest priority policy they are assigned to and which is not bypassed.   If you want to deactivate a specific setting, you need to re-enable this policy and set the relevant setting to off in the settings tab.
  1.  Does "Bypassed" mean disable this policy?  


  2. Since the Base Policy is last (bottom) Enforced.   How would only allow the application policy eg "Dropbox"  allow for certain users, but linking the Base policy (and not cloning the base, which would result in duplicate settings having to adjust both policies if base policy were adjusted)  that has "Dropbox" blocked.
  • Hi There, 

    Thank you for reaching us. Kindly refer to the below answered for your query,

    1.  Does "Bypassed" mean turn off this policy?  Yes, you’re right. Selecting Bypassed means that you’ll Bypass the whole policy setting you've created, and the endpoints will get the based policy settings on your central.


    2. Since the Base Policy is last (bottom) Enforced.   How would only allow the application policy, for example, "Dropbox" allows for certain users, but linking the Base policy (and not cloning the base, which would result in duplicate settings having to adjust both policies if the base policy were adjusted)  that has "Dropbox" blocked? - This isn’t possible since the on-based policy is being set as automatic enforce all the settings you created for the said policy by default and can't be overridden. For your desired set-up It would be better to created/duplicate the said policy and add the specific users/computer to the policies. Let say for example, on default policy, you’ll set allow "Dropbox" then add the users who need access to it and on the duplicate policy, you set to block "Dropbox". In this case, it’ll help you manage your policy much easier. 
    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • >> Let say for example, on default policy, you’ll set allow "Dropbox" then add the users who need access to it and on the duplicate policy, you set to block "Dropbox". In this case, it’ll help you manage your policy much easier. 

    So same question....would this result in duplicate settings having to adjust both policies if base policy were adjusted?  

  • Hi Jeff, 

    I guess I made my comments here a bit confusing. However, it won't still be the same since you can adjust the duplicate policy and change its access type so that it won't have duplicate settings from your base policy. There’s also another option you can do. You can create a new separate policy with a fresh configuration, not just cloned the existing base policy, and here you can apply the necessary change you want to add. You can refer to this documentation on how to add a new policy. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community