About policies

Create and view policies in the EDR appliance console on the
Deny List
Users are blocked from accessing items in the deny list.  The deny list supplements Symantec's global deny list with the items that have not yet been identified as a threat but that you deem untrustworthy.
Allow List
Users are allowed to access items in the allow list.  Since these are items that you deemed trustworthy,
Symantec EDR
takes no action when endpoints access items in the allow list. 
Create rules about the actors/processes you want monitored, recorded on the endpoint activity recorder, and sent to Symantec EDR.  Or you can choose not to monitor an actor/process event because you know it is benign.
You must have the Admin role or Controller role to create policies.