Network Security Policy evaluation

S’pose I had a file-group - JRE Updaters - comprising:

C:\Program Files\Common Files\Java\Java Update\jaucheck.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe

and over time I’ve established that those apps share the following zones:

[JRE update]
[sun.com - JRE updaters]

and so ‘JRE Updaters’ is configured to allow IP connections to those zones.

There exists individual Network Security policy for each app of the aforemened file-group to address IP address access attempts that have been observed unique to each app. If any ONE arbitrary IP address becomes common to all threep apps comprising the aforementioned file-group, the IP address is manually incorporated into the file-gropu network seurity policy ruleset (and deleted from association with each individial app as appropriate).

QWEXION: does the order of the network secuirty policy rulesets matter? That is, IF the app is found in the file-grouip and the IP address being checked does not exist for the file-group’s network security policy, will CIS continue examining the remaining policies?

OTOH, IF the network security policy for any explitely defined app is encountered first - the IP address in question not being found - will CIS continue to examine the remaining network secuirty policy rules defined (ultimately encountering the file-group networkk security policy), or will CIS automatically automatically exit evaluation of policy and generate an ‘unhandled exception’ alert?