Allow or Block Unrecognized Software
When you allow or block unrecognized software, an allow or block rule is automatically created and assigned to the ruleset used by the computer. Generally, use the following steps to allow or block software with Application Control:
- Use a
SoftwareChangeApiobject to obtain a list ofSoftwareChangeobjects. - Decide which software changes you want to allow or block.
- Create a
SoftwareChangeReviewobject and configure it with the list of software changes and the action to take on them. When you create aSoftwareChangeReviewobject, use it to define the IDs of theSoftwareChangeobjects you wish to allow or block and the action to take on the software changes. - Use the
SoftwareChangeApiobject to perform the software change review.
For more information about allow or block rules, see the Deep Security Help Center.
Example: Block unrecognized software on a computer
The following example code retrieves a list of unrecognized software on a computer and blocks the unrecognized software. See also the Review software changes operation in the API Reference.
Python
def block_all_unrecognized_software(computer_id, api, configuration, api_version, api_exception):
""" Blocks all software changes on a computer.
:param computer_id: The ID of the computer.
:param api: The Deep Security API modules.
:param configuration: Configuration object to pass to the api client.
:param api_version: The version of the API to use.
:param api_exception: The Deep Security API exception module.
:return: A list of SoftwareChangeReviewResult objects.
"""
# Search for software changes on the computer
# Search criteria
search_criteria = api.SearchCriteria()
search_criteria.field_name = "computerID"
search_criteria.numeric_test = "equal"
search_criteria.numeric_value = computer_id
# Add criteria to search filter
search_filter = api.SearchFilter(None, [search_criteria])
# Perform the search
software_changes_api = api.SoftwareChangesApi(api.ApiClient(configuration))
computer_software_changes = software_changes_api.search_software_changes(api_version, search_filter=search_filter)
# Block the unrecognized software
# Create the software change review object and set action to block
software_change_review = api.SoftwareChangeReview()
software_change_review.action = "block"
software_change_review.software_change_ids = []
# Add the IDs of the software changes to block
for software_change in computer_software_changes.software_changes:
software_change_review.software_change_ids.append(software_change.id)
# Perform the software change review
return software_changes_api.review_software_changes(software_change_review, api_version)
JavaScript
/*
* Blocks all software changes on a computer.
* @param {Number} computerID The ID of the computer.
* @param {ApiClient} api The Deep Security API exports.
* @param {String} apiVersion The api version to use.
* @returns {Promise} A promise object that resolves to an Array of SoftwareChangeReviewResult objects.
*/
exports.blockAllUnrecognizedSoftware = function (computerID, api, apiVersion) {
return new Promise((resolve, reject) => {
// Search for software changes on the computer
// Search criteria
const computerCriteria = new api.SearchCriteria();
computerCriteria.fieldName = "computerID";
computerCriteria.numericTest = api.SearchCriteria.NumericTestEnum.equal;
computerCriteria.numericValue = computerID;
// Add criteria to search filter
const searchFilter = new api.SearchFilter();
searchFilter.searchCriteria = [computerCriteria];
// Add search filter to a search options object
const searchOptions = {
searchFilter: searchFilter
};
// Perform the search
const softwareChangeApi = new api.SoftwareChangesApi();
softwareChangeApi.searchSoftwareChanges(apiVersion, searchOptions)
.then(results => {
// Block the unrecognized software
// Create the software change review object and set action to block
const softwareChangeReview = new api.SoftwareChangeReview();
softwareChangeReview.action = api.SoftwareChangeReview.ActionEnum.block;
if (results.softwareChanges.length > 0) {
// Add the IDs of the software changes to block
softwareChangeReview.softwareChangeIDs = results.softwareChanges.map(softwareChange => softwareChange.ID);
// Perform the software change review
softwareChangeApi.reviewSoftwareChanges(softwareChangeReview, apiVersion)
.then(softwareChangeReview => {
resolve(softwareChangeReview.softwareChangeReviewResults);
})
.catch(error => {
reject(error);
});
} else {
resolve(results);
}
})
.catch(error => {
reject(error);
})
});
};
Java
/*
* Block all unrecognized software on a computer.
* @param computerId The ID of the computer.
* @param apiVersion The api version.
*/
public static SoftwareChangeReview blockComputerSoftwareChanges(Integer computerId, String apiVersion) {
// Search for software changes on the computer
// Search criteria
SearchCriteria computerCriteria = new SearchCriteria();
computerCriteria.setFieldName("computerID");
computerCriteria.setNumericTest(NumericTestEnum.EQUAL);
computerCriteria.setNumericValue(Long.valueOf(computerId.longValue()));
// Search filter
SearchFilter searchFilter = new SearchFilter();
searchFilter.addSearchCriteriaItem(computerCriteria);
// Perform the search
SoftwareChangesApi softwareChangesApi = new SoftwareChangesApi();
SoftwareChanges softwareChanges = new SoftwareChanges();
try {
softwareChanges = softwareChangesApi.searchSoftwareChanges(searchFilter, apiVersion);
// Block the software changes
SoftwareChangeReview softwareChangeReview = new SoftwareChangeReview();
softwareChangeReview.setAction(ActionEnum.BLOCK);
for (SoftwareChange softwareChange : softwareChanges.getSoftwareChanges()) {
softwareChangeReview.addSoftwareChangeIDsItem(softwareChange.getID());
}
return softwareChangesApi.reviewSoftwareChanges(softwareChangeReview, apiVersion);
} catch (ApiException e) {
e.printStackTrace();
}
return null;
}