Admin user blocks, root user allows

Vishwa · May 30, 2026, 11:25am

What version are you using? (OS, client, server, etc.)

EPP - 2605.3.1.1 - (Linux)
OS Version 2604.0.1.0
Machine - RedHat Linux 9.7
For the scenario you’re describing, what settings/configuration do you currently have in place?

I’ve got a cap policy where all policy exit points are blocked, and custom content is set. No file types are set as I just want to see the content being blocked.
DPI is enabled and all other relevant setting enabled.
Currently my configuration allows for both computer and user rights but as we know, priority is computer rights by default.
In my CAP Linux policy, I only have the Linux machine selected and not the users.
I do have two users: admin and root
What error messages or unexpected behavior are you seeing?

As I said we I have two users. Computer rights are priority. I tested on the web bowser uploading files with custom content or just plain text there. In my admin user they are being blocked and reported but in the root user no block no log. My customer is facing the same issue so tried it in my own lab - same thing.
What have you tried so far?

Tried selecting both users along with computer in the policy. No luck.

Zoran · May 30, 2026, 6:30pm

Hi Vishwa,

A couple of things worth clarifying here.

The setting that determines whether User or Computer rights take priority applies exclusively to the Device Control module. It has no effect on Content Aware Protection (CAP) policies.

As for CAP, a policy applied at the computer level will cover all users logging into that machine. We see customers using computer-based policies, user-based policies, or a combination of both. The point is that the policies should work even if they are applied only on a single entity.

The behavior you are describing is unexpected. A computer-level policy should be enforced for every user logging in, without exception. I would recommend collecting logs while reproducing the issue with the affected user and submitting them to our support team. They should be able to determine the root cause fairly quickly.

I am curious to see what turns up, so if you could update the Community it would be appreciated.

Thanks,
Zoran

Topic		Replies	Views
Identifying and Auditing Content Aware Protection (CAP) Policy Assignments Ideas planned , ideas , effective-rights , content-aware-protection	4	137	February 9, 2026
Identifying and Auditing Content Aware Protection (CAP) Policy Assignments in Endpoint Protector Discussions & Questions endpoint-protector , content-aware-report	2	75	May 1, 2025
Difficulty Identifying User-Level Policies in Computer Tab Ideas endpoint-protector , ideas , planned-long-term	2	35	May 13, 2026
Permanent selection of Computers and Users inside policies Ideas endpoint-protector , under-review , ideas	2	48	January 30, 2026
Automatic filtration by username or computer name in Content Aware Report Ideas endpoint-protector , planned , ideas , content-aware-protection	2	67	November 28, 2025

Admin user blocks, root user allows

Related topics