How Symantec EDR applies deny list policies based on your operating mode
Inline block mode
Symantec EDR blocks users from accessing the external computers or files that you specify in deny list policies. When a user attempts to access a deny listed external computer or file, a blocking page appears explaining why access is denied.
Inline monitor mode
Users can access denied files and external computers.
Management platform mode
Symantec EDR blocks users from accessing SHA256 and MD5 file hashes.
Symantec EDRgenerates an event when users attempt to access items in deny list policies regardless of which operation mode you use.