Hello Chelopher,
thank you for notifying us about discrepancy between help site info and rules guide info. Correct information is in rules guide, misinformation on help site should be fixed shortly.
As for actions, I did not find any problems. I've tested "BlockProcessExecutable" action and did not have any problems as you can see in attached screenshot. I've used following rule:
<?xml version="1.0" encoding="utf-8"?>
<rule>
<definition>
<process>
<condition component="FileItem" property="FileName" condition="contains" value="blockmeplease" />
</process>
</definition>
<description>
<name>Blocked process - blockmeplease [TEST]</name>
<category>Default</category>
</description>
<actions>
<action name="BlockProcessExecutable" />
</actions>
</rule>
I can think of two things why it did not work for you:
There is certain time period during which the changes from server propagates to endpoints. Therefore the rule for blocking process executable can trigger only after this period
Certain executables cannot be blocked by design - this applies mostly to system components such as lsass.exe or svchost.exe. In this case there would be info in server log:
%timestamp% Info: Rule block hash: process "%processname%" is TRUSTED - will not block. Blocking rule: "%rulename%"
