Scenario: you need to make a secure USB installer/runtime Allowed, regardless of drive letter, but you don't want to add hashes to your config without enabling EnableSignatureOptimization.
Background: when you set EnableSignatureOptimization to 1 AM only compares the hash of an executed item to your config's hash(es) if that item's path matches the path of a hash in your config. If you don't enable this setting then AM will compare the hash of everything it launches to whatever hashes you've added as Allowed items if there's no other rule making them allowed (e.g. the default rule - Trusted Ownership).
Issue: the AM console doesn't allow you to modify the path of an added hash to change it from e:\something.exe to ?:\something.exe (where ? = a single character wildcard)