Definition:
Once the agents have been installed, they are automatically associated with the default automatic learning policy. Once the learning phase has been completed, the policy is cloned and the clone is automatically put into protection mode.
Each 'block' or 'weak signal' event is displayed in 'Related events' in the Overview section:
Click on 'Related events' to see all the events linked to the alert in question:
You can click on each event to see the details: process, hash, filename, etc.
And for each of them, quick actions are available:
If it's a positive event, you can add exceptions either by modifying the security rules in the Policy tab or directly from the alert, via the Wizard tab --> "Choose action to take":
Either click Allow/Ignore and then Apply, or choose "Build custom rule" and create the desired objects at Process/Target/Rule level: