Application Control is configured globally, but is not used by a policy unless you apply an action to a policy. After you create an Application Control action in the Application Control configuration, you can change the Application Control action to enable it for each policy.
If you enable Application Control for an HTTPS proxy policy, you must also enable deep inspection of HTTPS content in the HTTPS proxy action. This is required for Application Control to detect applications over an HTTPS connection. For more information, see HTTPS-Proxy: Content Inspection. Application Control scanning of HTTPS content is not supported on XTM 21, 21-W, 22, 22-W, 23, and 23-W devices.
When you enable Application Control for a policy, the XTM device always identifies and creates a log message for applications that are dropped due to an Application Control action. If you want the XTM device to create a log message for all identified applications, even those that are not dropped, you must enable logging in each policy that has Application Control enabled.
For information about how to enable logging in a policy, see