Explanation
The impact of using the wildcards in the application at path field is that executable files in the "Program Files" directory and subdirectories will be ignored by the VMware Carbon Black Cloud Endpoint Standard sensor.
This is because the permission rule has the following options selected:
Application at path: C:\Program Files**
Operation Attempt: Performs any operation
Action: Bypass
The application at path field specifies the path of the executable file that the rule applies to. The ** wildcard matches a partial path across all subdirectory levels and is recursive. For example, C:\Program Files** matches any files in that directory and all subdirectories1.
The operation attempt field specifies the type of operation that the executable file attempts to perform. The Performs any operation option means that the rule applies to any operation, such as creating a file, modifying a registry key, or executing a command.
The action field specifies the action that the VMware Carbon Black Cloud Endpoint Standard sensor takes when the rule is triggered. The Bypass option means that the sensor ignores the executable file and does not apply any blocking rules or log any events for it2.
Therefore, by using the wildcards in the application at path field, the permission rule effectively excludes any executable files in the "Program Files" directory and subdirectories from the VMware Carbon Black Cloud Endpoint Standard sensor's prevention and detection capabilities. References:
Prevention Policy Settings - VMware Docs, Permissions section, Action subsection.
Set Permission Policy Rules - VMware Docs, Procedure section, step 4.
Carbon Black Cloud: How to Use Wildcards in Policy Rules - Carbon Black Community, Wildcard Description table, ** row.