The Prohibited Applications and Files Action makes sure that files, registry keys, and processes that must not be on endpoint computers are not present or running. The default settings show in the Prohibited Application Action Rules.
For Prohibited Application action rules, all check objects must be non-compliant to trigger the action and remediation. If only one check object is compliant, the action and remediation are not triggered.
See Compliance Action Rules for more information.