Rules in Application Block for Nebula define which software applications and executables are blocked across your endpoints. Multiple rules can be applied to a single policy which then extends to all endpoints under that policy. As all rules are block rules, there is no priority order if multiple rules are applied to a single policy.
Create Application Block rule
- On the left navigation menu, navigate to Monitor > Application Block.
- Click the Rules tab.
- Click New.
- Enter a unique name for your block rule. This helps to quickly identify and manage the rule later.
- Select from the following options on how to apply your block rule:
- Global - All endpoints: This rule applies to all endpoints that have the policy setting enabled regardless of what policy the endpoint is assigned.
-
Policy
-
Specific: This rule applies to all endpoints assigned to the selected policies.
All except: This rule applies to all endpoints not assigned to the selected policies.
-
Specific: This rule applies to all endpoints assigned to the selected policies.
- Select and configure the Rule type to determine what applications are blocked. See the table below for all Rule type options.
- On the top right, click Save. This automatically applies the rule to any endpoints with the policy setting enabled and a rule assigned.
Basic rules
Basic application block rules select the Application or Vendor name to block the service. Portable applications, are not blocked with this rule type. Advanced rule options must be used to block portable applications. Below is a table of the basic rule types:
Rule Type | Description | Configure |
Application | Software applications currently installed on your endpoints. Portable applications, are not blocked with this rule type. Advanced rule options must be used to block portable applications. | Select applications from the provided list to block when setting up a block rule. |
Vendor | Vendors of software applications currently installed on your endpoints. | Select vendors of applications from the provided list to block when setting up a block rule. |
Advanced rules
Advanced application block rules use file information to block the service. Toggle Advanced rules on the page to configure an advanced rule. Below is a table of the advanced rule types:
CAUTION - Do not use general names for property descriptions such as Photoshop for Adobe applications. This may impact other applications which use photoshop.
Rule Type | Description | Configure |
Certificate property | Property values associated with certificates of applications on your endpoints. | Select certificate property names and enter values to block applications. If multiple properties are selected, they are treated as OR statements. To find properties, see Get file information for Application Block rules in Nebula. |
File path | File path of the software application on the endpoint. | Enter the file path of the application to block, * is used as a wild card if required. |
File property | Property values associated with the file information across applications on your endpoints. | Select file property names and enter values to block applications. If multiple properties are selected, they are treated as OR statements. To find properties, see Get file information for Application Block rules in Nebula. |
Hash value | Hash values and file byte sizes associated with the applications on your endpoints. Hash values include MD5, SHA-1, and SHA-256. | Enter the hash value and file size in bytes to block the application. To find hash information, see Get file information for Application Block rules in Nebula. |
Return to Application Block guide for Nebula.