This topic describes how to view information about software installed on all office terminals, add software to a blacklist, view unauthorized software, and review the applications submitted by users who want to access unauthorized software.
Software statistics
The software statistics feature provides a comprehensive and intuitive overview of software installations across all office terminals of an enterprise. On the Terminals page, you can click the name of a terminal in the Terminal Name column to view the installed software. For more information, see View the terminal list. You can also perform the following operations on the Software Statistics page to view the installed software.
Log on to the SASE console.
In the left-side navigation pane, choose .
On the Software Statistics page, view the installed software.
Find the software that you want to view and click the number in the Terminals Installed with Software column. In the Installed Terminal Details panel, view information about all terminals on which the software is installed.
Click Quick Import in the Actions column to add the software to a blacklist.
Software blacklist
Add software to a blacklist and view unauthorized software
You can add software to a blacklist. This way, users cannot use software in the blacklist when they are working. This improves the office security of the enterprise. To configure a software blacklist, you must first define a specific software type, add software of that defined type, and then configure a blacklist policy for the added software.
Secure Access Service Edge (SASE) provides built-in common software, such as instant messaging, cloud storage, cloud notes, and P2P download tools. You can directly configure blacklist policies for these built-in software.
Log on to the SASE console.
In the left-side navigation pane, choose .
On the Unauthorized Software tab, create a software type.
In the Software Type section, click Add. In the Add Software Type dialog box, enter a name for the custom software type and click OK.
The name must be 1 to 128 characters in length and can contain letters, digits, hyphens (-), underscores (_), and periods (.). The name must start with a letter or digit.
In the following example, a piece of instant messaging software is used.
Configure the software that you want to add to a blacklist policy.
You can configure the software on the Software List for Synchronization tab or the Custom Software tab based on your business requirements.
Method 1: Configure the software on the Software List for Synchronization tab
Click Create Software. In the Create Software panel, click the Software List for Synchronization tab. You can enter a software name in the search box to search for the software or select the software that you want to synchronize.
Click OK.
Method 2: Configure the software on the Custom Software tab
Click Create Software. In the Create Software panel, click the Custom Software tab and configure the parameters. The following table describes the parameters. Then, click OK.
Parameter
Description
Software Name
The name of the software.
The name must be 1 to 128 characters in length and can contain letters, digits, hyphens (-), underscores (_), and periods (.). The name must start with a letter or digit.
Software Type
The type of the software. Select the software type from the drop-down list.
You can select up to 10 software types for a piece of unauthorized software.
Terminal System
The information about the terminal system, including the operating system on which the software runs, the process name, and the installation directory for the software.
The operating systems include Windows and macOS. Each process name is associated with one unique installation directory. You can add up to 20 entries.
Create a blacklist policy.
Click Blacklist Policy Settings. On the Blacklist Policy Settings page, click Create Policy. In the Create Policy panel, configure the parameters. The following table describes the parameters. After you configure all required parameters, click OK.
Parameter
Description
Policy Name
The name of the blacklist policy.
The name must be 1 to 128 characters in length and can contain letters, digits, hyphens (-), underscores (_), and periods (.). The name must start with a letter or digit.
Action
The action of the policy. Valid values:
Block Startup
Prompt Only
Applicable User
The users to whom the policy applies.
All Users
Some Users: If you select Some Users, you must select the user groups to which the policy applies.
Exception User
The users to whom the policy does not apply. If you want to specify multiple users, separate them with commas (,).
Blacklist Software
The software that you do not want users to access. You can specify the software by name or by type.
By Name: Select the name of the software.
You can select up to 100 software names for a single policy.
By Type: Select the type of the software.
You can select up to 100 software types for a single policy.
Policy Status
The policy status. You can enable or disable the policy.
Priority
The policy priority. Valid values: 0 to 99. A smaller value indicates a higher priority.
Approval Process Configuration
Specify whether users can submit an application for approval when the users want to use a piece of unauthorized software.
If you select Users can submit an application for approval, you must select an appropriate approval workflow. For more information, see Configure an approval workflow.
Prompt Display Configuration
Configure the prompt message that appears in the dialog box when users want to use a piece of unauthorized software. You can specify a message in Chinese or English.
View information in the following sections: Violation Events, Unauthorized Software TOP5 and the corresponding Violations, and User in Violation TOP5 and the corresponding Violations.
You can click View More to view information about all unauthorized software and users who violate policies.
Review user applications
If a user wants to use software in blacklists, the user can submit an application. After the user submits an application, you can review the application information on the User Application tab. After you approve the application, the user can use the software within a specific period of time. For more information, see Submit an application to use a piece of unauthorized software.
Log on to the SASE console.
In the left-side navigation pane, choose .
On the User Application tab, review the applications submitted by users.
Allow: approves an application submitted by a user. The user can use the software for a specific period of time.
Reject: rejects an application submitted by a user. The user cannot use the software. If the user uses the software, the operation is counted as a violation.
Other operations
To view details of unauthorized software, perform the following operations: On the Unauthorized Software tab, find the unauthorized software whose details you want to view and click Details in the Actions column.
To modify unauthorized software, perform the following operations: On the Unauthorized Software tab, find the unauthorized software whose settings you want to modify and click Edit in the Actions column. In the panel that appears, modify the required parameters.
To delete unauthorized software, perform the following operations: On the Unauthorized Software tab, find the unauthorized software that you want to delete and click Delete in the Actions column. After you delete a piece of unauthorized software, use of the software is not counted as a violation.
ImportantIf a piece of software is on the Unauthorized Software tab but the software is authorized, check whether Process Name is correct in the Details panel.
Before you delete a piece of unauthorized software, make sure that the blacklist policies do not apply to the software. Otherwise, the unauthorized software cannot be deleted.
References
Submit an application to use a piece of unauthorized software