Allow or Block Unrecognized Software

When you allow or block unrecognized software, an allow or block rule is automatically created and assigned to the ruleset used by the computer. Generally, use the following steps to allow or block software with Application Control:

Use a SoftwareChangeApi object to obtain a list of SoftwareChange objects.
Decide which software changes you want to allow or block.
Create a SoftwareChangeReview object and configure it with the list of software changes and the action to take on them. When you create a SoftwareChangeReview object, use it to define the IDs of the SoftwareChange objects you wish to allow or block and the action to take on the software changes.
Use the SoftwareChangeApi object to perform the software change review.

For more information about allow or block rules, see the Deep Security Help Center.

Example: Block unrecognized software on a computer

The following example code retrieves a list of unrecognized software on a computer and blocks the unrecognized software. See also the Review software changes operation in the API Reference.

Python

JavaScript

Java

def block_all_unrecognized_software(computer_id, api, configuration, api_version, api_exception):
    """ Blocks all software changes on a computer.
    :param computer_id: The ID of the computer.
    :param api: The Deep Security API modules.
    :param configuration: Configuration object to pass to the api client.
    :param api_version: The version of the API to use.
    :param api_exception: The Deep Security API exception module.
    :return: A list of SoftwareChangeReviewResult objects.
    """

    # Search for software changes on the computer
    # Search criteria
    search_criteria = api.SearchCriteria()
    search_criteria.field_name = "computerID"
    search_criteria.numeric_test = "equal"
    search_criteria.numeric_value = computer_id

    # Add criteria to search filter
    search_filter = api.SearchFilter(None, [search_criteria])

    # Perform the search
    software_changes_api = api.SoftwareChangesApi(api.ApiClient(configuration))
    computer_software_changes = software_changes_api.search_software_changes(api_version, search_filter=search_filter)

    # Block the unrecognized software
    # Create the software change review object and set action to block
    software_change_review = api.SoftwareChangeReview()
    software_change_review.action = "block"
    software_change_review.software_change_ids = []

    # Add the IDs of the software changes to block
    for software_change in computer_software_changes.software_changes:
        software_change_review.software_change_ids.append(software_change.id)

    # Perform the software change review
    return software_changes_api.review_software_changes(software_change_review, api_version)

/*
 * Blocks all software changes on a computer.
 * @param {Number} computerID The ID of the computer.
 * @param {ApiClient} api The Deep Security API exports.
 * @param {String} apiVersion The api version to use.
 * @returns {Promise} A promise object that resolves to an Array of SoftwareChangeReviewResult objects.
 */

exports.blockAllUnrecognizedSoftware = function (computerID, api, apiVersion) {
  return new Promise((resolve, reject) => {
    // Search for software changes on the computer
    // Search criteria
    const computerCriteria = new api.SearchCriteria();
    computerCriteria.fieldName = "computerID";
    computerCriteria.numericTest = api.SearchCriteria.NumericTestEnum.equal;
    computerCriteria.numericValue = computerID;

    // Add criteria to search filter
    const searchFilter = new api.SearchFilter();
    searchFilter.searchCriteria = [computerCriteria];

    // Add search filter to a search options object
    const searchOptions = {
      searchFilter: searchFilter
    };

    // Perform the search
    const softwareChangeApi = new api.SoftwareChangesApi();
    softwareChangeApi.searchSoftwareChanges(apiVersion, searchOptions)
      .then(results => {
        // Block the unrecognized software

        // Create the software change review object and set action to block
        const softwareChangeReview = new api.SoftwareChangeReview();
        softwareChangeReview.action = api.SoftwareChangeReview.ActionEnum.block;

        if (results.softwareChanges.length > 0) {
          // Add the IDs of the software changes to block
          softwareChangeReview.softwareChangeIDs = results.softwareChanges.map(softwareChange => softwareChange.ID);

          // Perform the software change review
          softwareChangeApi.reviewSoftwareChanges(softwareChangeReview, apiVersion)
            .then(softwareChangeReview => {
              resolve(softwareChangeReview.softwareChangeReviewResults);
            })
            .catch(error => {
              reject(error);
            });
        } else {
          resolve(results);
        }
      })
      .catch(error => {
        reject(error);
      })
  });
};

/*
 * Block all unrecognized software on a computer.
 * @param computerId The ID of the computer.
 * @param apiVersion The api version.
 */

public static SoftwareChangeReview blockComputerSoftwareChanges(Integer computerId, String apiVersion) {
    // Search for software changes on the computer
    // Search criteria
    SearchCriteria computerCriteria = new SearchCriteria();
    computerCriteria.setFieldName("computerID");
    computerCriteria.setNumericTest(NumericTestEnum.EQUAL);
    computerCriteria.setNumericValue(Long.valueOf(computerId.longValue()));

    // Search filter
    SearchFilter searchFilter = new SearchFilter();
    searchFilter.addSearchCriteriaItem(computerCriteria);

    // Perform the search
    SoftwareChangesApi softwareChangesApi = new SoftwareChangesApi();
    SoftwareChanges softwareChanges = new SoftwareChanges();

    try {
        softwareChanges = softwareChangesApi.searchSoftwareChanges(searchFilter, apiVersion);

        // Block the software changes
        SoftwareChangeReview softwareChangeReview = new SoftwareChangeReview();
        softwareChangeReview.setAction(ActionEnum.BLOCK);
        for (SoftwareChange softwareChange : softwareChanges.getSoftwareChanges()) {
            softwareChangeReview.addSoftwareChangeIDsItem(softwareChange.getID());
        }

        return softwareChangesApi.reviewSoftwareChanges(softwareChangeReview, apiVersion);
    } catch (ApiException e) {
        e.printStackTrace();
    }

    return null;
}