When reviewing a Rules Analyzer log to view allowed execution requests, for applications that should be denied, this will show an allowed reason of None.
This appears to affect endpoints where the configuration has been created in a later console, than the agent software running on the endpoint. For example, a configuration file created on Application Control 10.1.455, deployed to an endpoint running Agent software 10.1.286.
The configuration should always match the version of the agent software running on the endpoint. Upgrade the Agent software to support the configuration file.