All Products
Search

This Product

    Secure Access Service Edge:Manage software

    Document Center

    Secure Access Service Edge:Manage software

    Last Updated:Oct 30, 2024

    This topic describes how to view information about software installed on all office terminals, add software to a blacklist, view unauthorized software, and review the applications submitted by users who want to access unauthorized software.

    Software statistics

    The software statistics feature provides a comprehensive and intuitive overview of software installations across all office terminals of an enterprise. On the Terminals page, you can click the name of a terminal in the Terminal Name column to view the installed software. For more information, see View the terminal list. You can also perform the following operations on the Software Statistics page to view the installed software.

    1. Log on to the SASE console.

    2. In the left-side navigation pane, choose Software Management > Software Statistics.

    3. On the Software Statistics page, view the installed software information.

      软件统计

    4. Find the software that you want to view and click the number in the Terminals Installed with Software column. In the Installed Terminal Details panel, view information about all terminals on which the software is installed.

    Software blacklist

    Add software to a blacklist

    You can add software to a blacklist. This way, users cannot use software in the blacklist when they are working. This improves the office security of the enterprise. To configure a software blacklist, you must first define a specific software type, add software of that defined type, and then configure a blacklist policy for the added software.

    Secure Access Service Edge (SASE) provides built-in common software, such as instant messaging, cloud storage, cloud notes, and P2P download tools. You can directly configure blacklist policies for these built-in software.

    1. Log on to the SASE console.

    2. In the left-side navigation pane, choose Software Management > Software Blacklist.

    3. On the Unauthorized Software tab, create a software type.

      In the Software Type section, click Add. In the Add Software Type dialog box, enter a name for the custom software type and click OK.

      The name must be 1 to 128 characters in length and can contain letters, digits, hyphens (-), underscores (_), and periods (.). The name must start with a letter or digit.

      In the following example, a piece of instant messaging software is used.

    4. Configure the software that you want to add to a blacklist policy

      Click Create Software. In the Create Software panel, configure the parameters. The following table describes the parameters. Click OK.

      Parameter

      Description

      Software Name

      The name of the software.

      The name must be 1 to 128 characters in length and can contain letters, digits, hyphens (-), underscores (_), and periods (.). The name must start with a letter or digit.

      Software Type

      The type of the software. Select the software type from the drop-down list.

      You can select up to 10 software types for a piece of unauthorized software.

      Terminal System

      The information about the terminal system, including the operating system on which the software runs, the process name, and the installation directory for the software.

      The operating systems include Windows and macOS. Each process name is associated with one unique installation directory. You can add up to 20 entries.

    5. Create a blacklist policy.

      Click Blacklist Policy Settings. On the Blacklist Policy Settings page, click Create Policy. In the Create Policy panel, configure the parameters. The following table describes the parameters. After you configure all required parameters, click OK.

      Parameter

      Description

      Policy Name

      The name of the blacklist policy.

      The name must be 1 to 128 characters in length and can contain letters, digits, hyphens (-), underscores (_), and periods (.). The name must start with a letter or digit.

      Action

      The action of the policy. Valid values:

      • Block Startup

      • Prompt Only

      Applicable User

      The users to which the policy applies.

      • All Users

      • Some Users: If you select Some Users, you must select the user groups to which the policy applies.

      Exception User

      The users to which the policy does not apply. If you want to specify multiple users, separate them with commas (,).

      Blacklist Software

      The software that you do not want users to access. You can specify the software by name or by type.

      • By Name: Select the name of the software.

        You can select up to 100 software names for a single policy.

      • By Type: Select the type of the software.

        You can select up to 100 software types for a single policy.

      Policy Status

      The policy status. You can enable or disable the policy.

      Priority

      The policy priority. Valid values: 0 to 99. A smaller value indicates a higher priority.

      Approval Process Configuration

      When a user wants to use a piece of unauthorized software, you can specify whether users must submit an application for approval.

      If you select Users can submit an application for approval, you must select an appropriate approval workflow.

      Prompt Display Configuration

      Configure the prompt message that appears in the dialog box when users submit an application. You can specify a message in Chinese or English.

    6. View information in the following sections: Violation Events, Unauthorized Software Top 5 and the corresponding Violations, and Users in Violation Top 5 and the corresponding Violations.

      You can click View More to view information about all unauthorized software and users who violate policies. image

    Review user applications

    If a user wants to use software in blacklists, the user can submit an application. After the user submits an application, you can review the application information on the User Application tab. After you approve the application, the user can use the software within a specific period of time. For more information, see Submit an application to use a piece of blacklist software.

    1. Log on to the SASE console.

    2. In the left-side navigation pane, choose Software Management > Software Blacklist.

    3. On the User Application tab, review the applications submitted by users.

      • Allow: approves an application submitted by a user. The users can use the software for a specific period of time.

      • Reject: rejects an application submitted by a user. The user cannot use the software. If the user uses the software, the operation is counted as a violation.

    Other operations

    • To view details of unauthorized software, perform the following operations: On the Unauthorized Software page, find the unauthorized software whose details you want to view and click Details in the Actions column.Details

    • To modify unauthorized software, perform the following operations: On the Unauthorized Software page, find the unauthorized software whose settings you want to modify and click Edit in the Actions column. In the panel that appears, modify the required parameters.

    • To delete unauthorized software, perform the following operations: On the Unauthorized Software page, find the unauthorized software that you want to delete and click Delete in the Actions column. After you delete a piece of unauthorized software, use of the software is not counted as a violation.

      Important

      Before you delete a piece of unauthorized software, make sure that the blacklist policies do not apply to the software. Otherwise, the unauthorized software cannot be deleted.

    References

    Submit an application to use a piece of unauthorized software