Rules in Application Block for OneView define which software applications and executables are blocked across your endpoints. Multiple rules can be applied to a single policy which then extends to all endpoints under that policy. As all rules are block rules, there is no priority order if multiple rules are applied to a single policy.
Create Application Block rule
- On the left navigation menu, click Monitor > Application Block.
- At the top menu, click the Rules tab.
- Click the Add rule + button.
- Enter a unique name for your block rule. This helps to quickly identify and manage the rule later.
- Select from the following options on how to apply your block rule:
- Global - All endpoints: This rule applies to all endpoints that have the policy setting enabled regardless of what policy the endpoint is assigned.
-
Policy or Sites
-
Specific: This rule applies to all endpoints that are assigned to the specific policies or sites selected.
All except: This rule applies to all endpoints that are NOT assigned to the specific policies or sites selected.
-
Specific: This rule applies to all endpoints that are assigned to the specific policies or sites selected.
- Select and configure the Rule type to determine what applications are blocked. See the table below for all Rule type options.
- On the top right, click Save. This automatically applies the rule to any endpoints that have the policy setting enabled and a rule assigned.
Basic rules
Basic application block rules select the Application or Vendor name to block the service. Portable applications are not blocked with this rule type. Advanced rule options must be used to block portable applications. Below is a table of the basic rule types:
Rule Type | Description | Configure |
Application | Software applications currently installed on your endpoints. Portable applications are not blocked with this rule type. Advanced rule options must be used to block portable applications. | Select applications from the provided list to block when setting up a block rule. |
Vendor | Vendors of software applications currently installed on your endpoints. | Select vendors of applications from the provided list to block when setting up a block rule. |
Advanced rules
Advanced application block rules use file information to block the service. Toggle Advanced rules on the page to create an advanced rule. Below is a table of the advanced rule types:
CAUTION - Do not use general naming conventions for property descriptions such as Browser for Google Chrome. This may impact other applications which are also considered a browser.
Rule Type | Description | Configure |
Certificate property | Property values associated with certificates of applications on your endpoints. | Select certificate property names and enter values to block applications. If multiple properties are selected, they are treated as OR statements. To find properties, see Get file information for Application Block rules in OneView. |
File path | The file path of the software application on the endpoint. | Enter the file path of the application to block, * is used as a wild card if required. |
File property | Property values associated with the file information across applications on your endpoints. | Select file property names and enter values to block applications. If multiple properties are selected, they are treated as OR statements. To find properties, see Get file information for Application Block rules in OneView. |
Hash value | Hash values and file byte sizes associated with the applications on your endpoints. Hash values include MD5, SHA-1, and SHA-256. | Enter the hash value and file size in bytes to block the application. To find hash information, see Get file information for Application Block rules in OneView. |
Return to Application Block.