Application Control (EPP Only)

Applications Control is a shared configuration area for both Endpoint Detection and Response (EDR) and Endpoint Protection Platform (EPP). This tab allows you to block a wide range of resources, including applications, URLs, and software.

Section	Supported In	Description
Add to Blocklist	EPP (All OS)	Blocks applications, URLs, and software identified as malicious or non-compliant. You can also define schedules to block specific application names.
Allowlist	EPP (Linux only)	Allows trusted applications to run even if they match block conditions. Available only on Linux as a limited customer release.

Add to Blocklist

You can manually add entries to the blocklist or perform a bulk import to block multiple items at once.
Supported input types include SHA256, IP, URL, and Application Name.

Before uploading a JSON file for bulk import, refer to the Exclusion Support topic for details on the supported format and structure.

Manually Add Entries

To add to the blocklist manually

1. Click the plus (+) icon.
2. In the Add to Blocklist window, choose Add Manually.
3. From the drop-down list (next to the Add button), select the type of item you want to block — SHA256, IP, URL, or Application Name.
4. Enter the corresponding value for your selection. Example: If you select IP, enter the IP address to be blocked.
5. Click Save. 

If you select SHA256, IP, or URL for blocking, the entries are blocked at all times. However, if you select an Application Name, you can define a schedule to control when the application is blocked.

Schedule Blocking

Schedule Blocking is a handy cybersecurity and IT management feature. It helps you control which apps can be used at different times. For example, EDR Manager and EDR Analyst users can block non-work apps during business hours or prevent unauthorized software use after work. This ensures that only approved apps are used when they should be, boosting productivity, reducing security risks, and keeping everything in line with company rules. 

How do you open the Schedule Application Blocking window?

To open the Schedule Application Blocking window, follow these steps:

1. On the EDR's menu bar, click Configuration.
2. In the EDR Profile tab, click New Profile. To edit a profile, hover on the profile name, click the downward arrow that appears next to the profile name, and then click Edit. 
3. In the Settings tab, click Next.
4. In the Application Control tab, go to Add to Blocklist section and then click the the plus sign. 
5. In the Add To Blocklist window, select Appname in the drop-down and in the corresponding field, add the application name. See How do you use the scheduler.
6. Click Schedule Blocking and then click Configure. 

How do you use this scheduler?

You can either completely block an application or set specific times for when it should be restricted. 

Follow these steps: 

1. After entering the application details, you have two options: 
   • Completely Block the Application: This will prevent the application from running on your system. 
   • Set a Schedule for Blocking: You can specify specific times when the application should be blocked. 

Set a Schedule for Blocking

Limit access during certain times - Click and drag your mouse over the time slots you want to block. We call this 'Restricted' blocking. During these times, your users cannot access the blocked applications.

Completely Block an Application

For a full 24/7 block, including weekends, click Block All. This is what we call "Blocked." Your users cannot access the specified applications until the schedule is completely or partially unblocked.

Manage Blocked Schedule

You can unblock a blocked time slot by clicking it, or  use the "Clear All" functionality to reset your entire schedule.

How do you Delete Schedules for Blocked or Restricted Applications?

To delete your schedules for blocking or restricting access to applications, do the following:

1. Find the schedule you want to delete.
2. Click  next to the schedule.

Perform a Bulk Import

To perform a bulk import

1. Click the plus (+) icon.
2. In the Add to Blocklist window, choose Bulk Import.
3. Browse and upload the JSON file.
4. Click Save. 

Allowlist

You can create an allowlist and define how it is applied to endpoints. The allowlist lets you specify trusted applications or resources that are permitted to execute or communicate, even when general block policies are in place.

Available only on Linux as a limited customer release.

Allowlist Application Modes

You can choose how the allowlist is applied to endpoints by selecting a data collection mode.

Mode	Description
Data Collection	Collects information about application activity without enforcing restrictions.
Audit Only	Monitors and logs policy violations without blocking them.
Enforce	Actively applies the allowlist policy and blocks non-compliant activity.

Add Application Path

You can add application paths to the allowlist manually, select them from the existing application inventory, or perform a bulk upload. 

 You cannot add an application path when the Allowlist is set to Data Collection mode.

To add an application path 

1. Choose one of the following options:
2. Select from Inventory – Choose the required application path from the list displayed below.

   • Select the path and click Save.

   • Add Path Manually – Enter the full application path, click Add, and then click Save.

Perform a Bulk Import

You can use Bulk Import to upload multiple entries to the Allowlist in a single operation. The import file must be in JSON format and follow the supported structure defined in the Exclusion Support topic.

To perform a bulk import

1. Click the plus (+) icon.
2. In the Add to Blocklist window, choose Bulk Import.
3. Click Browse and select the JSON file containing the entries.
4. Click Save.