# Settings for Robot Policies > Runtime analyzer rules verify that processes adhere to organization policies when executed by robots. Runtime rules are included in activity packages and apply to certain activities in those packages. The robot retrieves the configured runtime rules and each one is verified when an activity that requires it is executed. ## Runtime Analyzer Runtime analyzer rules verify that processes adhere to organization policies when executed by robots. Runtime rules are included in activity packages and apply to certain activities in those packages. The robot retrieves the configured runtime rules and each one is verified when an activity that requires it is executed. On the Runtime Analyzer tab, you can select which runtime rules to enable, set the rule actions, and configure rule parameters. The rules are configured similarly to how you configure Workflow Analyzer rules. Automation Ops™ comes with the following default runtime rules: * **RT-UIA-001 (App/Url Restrictions)** - Allows you to define a list of allowed / blocked applications or URLs for the activities in the [UI Automation](https://docs.uipath.com/activities/docs/about-the-ui-automation-activities-pack) activities package. * **RT-OUT-001 (Email Blocklist)** - Allows you to define addresses to which emails cannot be sent by activities from the [GSuite](https://docs.uipath.com/activities/docs/about-google-gsuite-activities), [Mail](https://docs.uipath.com/activities/docs/about-the-mail-activities-pack). and [Office 365](https://docs.uipath.com/activities/docs/about-the-microsoft-office-365-activities-pack) activities packages. By default, the rules are enabled but no parameters are defined. The action is set to **Error**, which means that when a rule violation is detected, an error is thrown and the execution stops. ## Enable Runtime Governance Runtime governance is not enabled by default. A banner is displayed at the top of Automation Ops™ pages informing you that the feature is disabled. Click **Enable** in the banner to enable the runtime analyzer. ![docs image](https://dev-assets.cms.uipath.com/assets/images/robot/robot-runtime-governance-is-disabled-image-8477-68f4b2e2.webp) You can also enable/disable runtime governance using the following API requests: ``` POST "[environment_URL]/{organizationName}/roboticsops_/api/Product/Robot/enable" -H "Authorization: Bearer {token}" ``` ``` POST "[environment_URL]/{organizationName}/roboticsops_/api/Product/Robot/disable" -H "Authorization: Bearer {token}" ``` You can retrieve the token from the browser developer tools. In Google Chrome: 1. Open **Developer Tools** from an Automation Ops™ page and select **Application**. 2. Under **Storage**, select **Local Storage** and then the application (e.g. cloud.uipath.com). 3. Locate the **token** key and copy its value. ## RT-UIA-001 - App/Url Restrictions The rule checks whether any restricted applications or web pages are used in the project. Restrictions are set by defining lists of either allowed or blocked applications and URLs using the available parameters. The rule checks both local and remote applications (for example, applications automated over RDP connections). :::note The rule is available starting with UiPath.UIAutomation.Activities v21.10.3. ::: To define the applications and/or URLs that are allowed, use the following parameters: * **whitelistApps** - Execution is allowed only for the applications that are on this list. * **whitelistUrls** - Execution is allowed only for the URLs that are on this list. To define the applications and/or URLs that are prohibited, use the following parameters: * **blacklistApps** - Execution is allowed for all the applications that are not on this list. * **blacklistUrls** - Execution is allowed for all the URLs that are not on this list. If both prohibited and allowed lists are set up for the same scope (applications or URLs), the allowed list takes precedence. #### **Configuring Restrictions** Specify a list of URLs / application names separated by comma (,) or semicolon (;). If multiple items are specified, they are all verified. You can use the `*` and `?` wildcard characters to define patterns. For example: * `*uipath*.exe` - blocks all executable files with names that start with `uipath`. * `*www.uipath*.com` - blocks all URLs that start with `uipath`, regardless of the protocol used. #### **What the Rule Verifies** For both modern and classic activities, the rule verifies at execution time each target UI element found using the defined selector or an input UI element. :::note To avoid an impact on performance, UI automation-related triggers such as **Click Trigger** and **Key Press Trigger** do not perform any verification. The checks are performed by the underlying workflow activities. ::: ## RT-OUT-001 - Email Blocklist The rule checks all the activities from the Mail, Office365, and GSuite packages that send, reply, or forward emails, send notifications, create events or send calendar invites, and verifies that the emails are not sent to recipients added to the email blocklist. :::note The rule is available starting with the following package versions: * UiPath.GSuite.Activities v1.11.3 * UiPath.Mail.Activities v1.12.2 * UiPath.Office365.Activities v1.11.1 ::: #### **Configuring restrictions** Using the **EmailRegex** parameter, specify a pattern for the email addresses that are not allowed using a regular expression. For example: * `.*@uipath.com` - blocks all emails sent to addresses with the uipath.com domain. * `.*@(?!uipath\.com$)` - blocks all emails except those sent to addresses with the uipath.com domain. #### **What the Rule Verifies** The rule verifies all the properties that indicate email recipients in the following activities that can send emails: * **Mail package**: + **Integrations (StudioX) activities** - Send Email, Forward Email, Reply To Email, Send Calendar Invite :::note The rule does not apply when activities save messages as drafts rather than sending them. ::: + **App Integration activities** - Send Exchange Mail Message, Send IBM Notes Mail Message, Send Outlook Mail Message, Reply To Outlook Mail Message * **GSuite package** - Send Mail Message, Create Event, Add Attendee, Share File, Delete Event, Modify Event * **Office 365 package** - Send Mail, Reply to Mail, Forward Mail, Add Attendee, Share File/Folder ## Configure Runtime Rules ![docs image](https://dev-assets.cms.uipath.com/assets/images/robot/robot-configure-runtime-rules-image-8393-032bbb7f.webp) For each default rule, you can configure the following options: * **Enabled** - Select this option to enable the rule. * **Action** - Set the action of the rule: **Error**,**Warning**,**Info**, or **Verbose**. The default action is Error. * **Parameters** - To edit a parameter, click **Edit** next to it and then deselect the **Use default value** option to configure restrictions in the **Value** box.