You can disable all App-IDs introduced in
a content release if you want to immediately benefit from the latest
threat prevention, and plan to enable the App-IDs later, and you
can disable App-IDs for specific applications.
Policy rules
referencing App-IDs only match to and enforce traffic based on enabled
App-IDs.
Certain App-IDs cannot be disabled and only allow
a status of enabled. App-IDs that cannot be disabled include application
signatures that are implicitly used by other App-IDs (such as unknown-tcp).
Disabling a base App-ID could cause App-IDs which depend on the
base App-ID to also be disabled. For example, disabling facebook-base
will disable all other Facebook App-IDs.