The Difference Between an Application and a Policy
Applications and Policies in ThreatLocker are two separate things that work in conjunction with one another in order to create and maintain your whitelist.
An Application is a container for the list of files and custom options (e.g. path, process, created by, certificate) that define a specific application.
In the screenshot below, you can see different file hashes and custom options that make up this specific application.
An Application by itself does not permit or deny a piece of software. It is simply a list. In order to permit or deny this application, it must have a Policy that points to it.
A Policy is the set of permissions that are applied to an Application and it will define how an Application is permitted or denied in your environment. A Policy is where you will set if the specified application is permitted or denied, add Ringfencing if needed, set it for specific users or groups, etc. In the screenshot below, the highlighted name is the Policy name, and the smaller font below the highlighted title is the Application name.