Allow or Block Unrecognized Software

When you allow or block unrecognized software, an allow or block rule is automatically created and assigned to the ruleset used by the computer. Generally, use the following steps to allow or block software with Application Control:

  1. Use a SoftwareChangeApi object to obtain a list of SoftwareChange objects.
  2. Decide which software changes you want to allow or block.
  3. Create a SoftwareChangeReview object and configure it with the list of software changes and the action to take on them. When you create a SoftwareChangeReview object, use it to define the IDs of the SoftwareChange objects you wish to allow or block and the action to take on the software changes.
  4. Use the SoftwareChangeApi object to perform the software change review.

For more information about allow or block rules, see the Deep Security Help Center.

Example: Block unrecognized software on a computer

The following example code retrieves a list of unrecognized software on a computer and blocks the unrecognized software. See also the Review software changes operation in the API Reference.

Python
def block_all_unrecognized_software(computer_id, api, configuration, api_version, api_exception):
    """ Blocks all software changes on a computer.
    :param computer_id: The ID of the computer.
    :param api: The Deep Security API modules.
    :param configuration: Configuration object to pass to the api client.
    :param api_version: The version of the API to use.
    :param api_exception: The Deep Security API exception module.
    :return: A list of SoftwareChangeReviewResult objects.
    """

    # Search for software changes on the computer
    # Search criteria
    search_criteria = api.SearchCriteria()
    search_criteria.field_name = "computerID"
    search_criteria.numeric_test = "equal"
    search_criteria.numeric_value = computer_id

    # Add criteria to search filter
    search_filter = api.SearchFilter(None, [search_criteria])

    try:
        # Perform the search
        software_changes_api = api.SoftwareChangesApi(api.ApiClient(configuration))
        computer_software_changes = software_changes_api.search_software_changes(api_version, search_filter=search_filter)

        # Block the unrecognized software
        # Create the software change review object and set action to block
        software_change_review = api.SoftwareChangeReview()
        software_change_review.action = "block"
        software_change_review.software_change_ids = []

        # Add the IDs of the software changes to block
        for software_change in computer_software_changes.software_changes:
            software_change_review.software_change_ids.append(software_change.id)

        # Perform the software change review
        return software_changes_api.review_software_changes(software_change_review, api_version)

    except api_exception as e:
        return "Exception: " + str(e)
JavaScript
/*
 * Blocks all software changes on a computer.
 * @param {Number} computerID The ID of the computer.
 * @param {ApiClient} api The Deep Security API exports.
 * @param {String} apiVersion The api version to use.
 * @returns {Promise} A promise object that resolves to an Array of SoftwareChangeReviewResult objects.
 */
exports.blockAllUnrecognizedSoftware = function (computerID, api, apiVersion) {
  return new Promise((resolve, reject) => {// Search criteria
    const computerCriteria = new api.SearchCriteria();
    computerCriteria.fieldName = "computerID";
    computerCriteria.numericTest = api.SearchCriteria.NumericTestEnum.equal;
    computerCriteria.numericValue = computerID;= new api.SearchFilter();
    searchFilter.searchCriteria = [computerCriteria];= {
      searchFilter: searchFilter
    };= new api.SoftwareChangesApi();
    softwareChangeApi.searchSoftwareChanges(apiVersion, searchOptions)
      .then(results => {// Create the software change review object and set action to block
        const softwareChangeReview = new api.SoftwareChangeReview();
        softwareChangeReview.action = api.SoftwareChangeReview.ActionEnum.block;

        if (results.softwareChanges.length > 0) {softwareChangeReview.softwareChangeIDs = results.softwareChanges.map(softwareChange => softwareChange.ID);softwareChangeApi.reviewSoftwareChanges(softwareChangeReview, apiVersion)
            .then(softwareChangeReview => {
              resolve(softwareChangeReview.softwareChangeReviewResults);
            })
            .catch(error => {
              reject(error);
            });
        } else {
          resolve(results);
        }
      })
      .catch(error => {
        reject(error);
      })
  });
};
Java
/*
 * Block all unrecognized software on a computer.
 * @param computerId The ID of the computer.
 * @param apiVersion The api version.
 */
public static SoftwareChangeReview blockComputerSoftwareChanges(Integer computerId, String apiVersion) {//Search criteria
	SearchCriteria computerCriteria = new SearchCriteria();
	computerCriteria.setFieldName("computerID");
	computerCriteria.setNumericTest(NumericTestEnum.EQUAL);
	computerCriteria.setNumericValue(Long.valueOf(computerId.longValue()));= new SearchFilter();
	searchFilter.addSearchCriteriaItem(computerCriteria);= new SoftwareChangesApi();
	SoftwareChanges softwareChanges = new SoftwareChanges();
	
	try {
		softwareChanges = softwareChangesApi.searchSoftwareChanges(searchFilter, apiVersion);= new SoftwareChangeReview();
		softwareChangeReview.setAction(ActionEnum.BLOCK);
		for (SoftwareChange softwareChange : softwareChanges.getSoftwareChanges()) {
			softwareChangeReview.addSoftwareChangeIDsItem(softwareChange.getID());
		}
		return softwareChangesApi.reviewSoftwareChanges(softwareChangeReview, apiVersion);
	} catch (ApiException e) {
		e.printStackTrace();
	}
	return null;
}