{"id":24887,"date":"2018-12-07T13:44:38","date_gmt":"2018-12-07T13:44:38","guid":{"rendered":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/?post_type=ht_kb&#038;p=11322"},"modified":"2025-11-25T10:06:02","modified_gmt":"2025-11-25T10:06:02","slug":"how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm","status":"publish","type":"post","link":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/","title":{"rendered":"How to Blocklist \/ Allowlist apps on Windows devices"},"content":{"rendered":"<p>Some situations demand organizations to keep track of the apps used by the endpoints to determine that no insecure apps are present on corporate devices. Hexnode UEM lets you either blocklist or allowlist apps, which helps restrict unwanted apps and allows only company-approved apps on the device. In addition, it enables the administrators to take remedial actions so that the users do not access any untrusted apps from corporate devices.<br \/>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Notes:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<\/p>\n<ul>\n<li>The <em>Blocklist\/Allowlist<\/em> policy is supported on all editions of <strong>Windows 10<\/strong> and <strong>Windows 11<\/strong>, except <strong>Home<\/strong>. <\/li>\n<li>The following Hexnode apps are automatically allowlisted in the background:\n<ul>\n<li>Hexnode Remote Assist\n<li>Hexnode UEM <\/li>\n<\/ul>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t<\/p>\n<h2>App Blocklisting\/Allowlisting<\/h2>\n<p><iframe loading=\"lazy\" width=\"755\" height=\"415\" allowfullscreen=\"\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2018\/12\/Blocklisting-Allowlisting-on-Windows-devices.mp4\"><\/iframe> <\/p>\n<ol>\n<li>Log in to your <strong>Hexnode UEM<\/strong> portal.<\/li>\n<li>Navigate to <strong>Policies > New Policy<\/strong>. Click on <strong>New Policy<\/strong> to create a new one or select an existing one to make edits. Then, enter the <em>Policy Name<\/em> and <em>Description<\/em> in the provided fields.<\/li>\n<li>Go to <strong>Windows > App Management > Blocklist\/Allowlist<\/strong>. Click on <strong>Configure<\/strong>.<\/li>\n<li>You can configure the blocklist\/allowlist settings in two ways,\n<ul>\n<li><strong>Add Apps<\/strong>: You can select the apps to be blocklisted or allowlisted from a list of store apps.<\/li>\n<li><strong>Add Rules<\/strong>: You can create rules to block or allow apps based on their publisher or file path.<\/li>\n<\/ul>\n<p><strong><\/p>\n<h3>Add Apps<\/h3>\n<p><\/strong><\/p>\n<ul>\n<li>Choose <strong>Blocklist\/Allowlist<\/strong>.<\/li>\n<li>Click on <strong>+Add App<\/strong>.<\/li>\n<li>Select the store apps to be blocklisted or allowlisted. Then, click on <strong>Done<\/strong>.<\/li>\n<\/ul>\n<p><strong><\/p>\n<h3 id=\"rules\">Add Rules<\/h3>\n<p><\/strong><br \/>\n  The following fields are to be configured for adding a rule, <\/p>\n<ul>\n<li><strong>Action<\/strong>: Choose the action (<em><strong>Block\/Allow<\/strong><\/em>) associated with the rule.<\/li>\n<li><strong>Rule Name<\/strong>: Enter a name for the identification of the rule.<\/li>\n<li><strong>App Type<\/strong>: Choose the type of apps to which the rule will apply. You can choose between two types of apps,\n<ul>\n<li><em><strong>Packaged Apps\/Packaged Apps Installers (.appx)<\/strong><\/em><\/li>\n<li><em><strong>Executables (.exe)<\/strong><\/em><\/li>\n<\/ul>\n<\/li>\n<li><strong>Rule Condition<\/strong>: Select the criteria based on which the applications will be blocked\/allowed:\n<ul>\n<li><em><strong>Publisher<\/strong><\/em>: If this option is selected, the app(s) will be blocked\/allowed by the name of the application(s) publisher.\n<\/li>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">How do you find the exact Publisher name of an app in Windows?<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<\/p>\n<ol>\n<li>Press <strong>Windows + R<\/strong>, type <em>secpol.msc<\/em>, and press <strong>Enter<\/strong>. This opens the Local Security Policy windows. <\/li>\n<li>Navigate to <strong>Application Control Policies > AppLocker > Executable Rules<\/strong>. <\/li>\n<li>Right-click <strong>Executable Rules<\/strong> and choose <strong>Create New Rule.<\/strong> <\/li>\n<li>When the <strong>Create Executable Rules<\/strong> wizard opens, move through the steps until you reach the <strong>Publisher<\/strong> section. <\/li>\n<li>Select <strong>Browse<\/strong> and choose the application file. <\/li>\n<li>Once selected, the wizard displays the app\u2019s details including the precise Publisher name. It usually appears in a format like: <em>O=Adobe INC, L=SAN JOSE, S=CA, C=US<\/em>. <\/li>\n<\/ol>\n<p>This is the exact format you\u2019ll need when creating the rule in Hexnode. Make sure the <strong>Publisher<\/strong> value you enter in Hexnode matches the complete string shown in the <strong>Create Executable Rules<\/strong> wizard. <\/p>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<li><em><strong>File Path<\/strong><\/em>: If this option is selected, the app will be blocked by specifying the file path of the application.<\/li>\n<\/ul>\n<li><strong>Publisher Name<\/strong>: If the rule condition is chosen as <strong>Publisher<\/strong>, specify the name of the application(s) publisher.<\/li>\n<li><strong>App Name<\/strong>: Specify the name of the application.<\/li>\n<li><strong>File Path<\/strong>: If the rule condition is chosen as <strong>File Path<\/strong>, specify the location of the application on the user&#8217;s device.<\/li>\n<\/ul>\n<\/li>\n<li>Click on <strong>Save<\/strong>.<\/li>\n<\/ol>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Notes:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<\/p>\n<ul>\n<li>When creating block rules for a specific app type, ensure that you also create allow rules explicitly for the required apps within that type. If not, all apps of that type will be blocked by default.<\/li>\n<li>When the rule condition is set to <em><strong>Publisher<\/strong><\/em>, you can block or allow all applications of a specific application type on the device by entering the <strong>asterisk symbol<\/strong> (<strong>*<\/strong>) in both the <em>Publisher Name<\/em> and <em>App Name<\/em> fields. Likewise, to block or allow all applications from a particular publisher, enter the asterisk symbol (*) in the <em>App Name<\/em> field while specifying the corresponding <em>Publisher Name<\/em>.<\/li>\n<li>All inbox applications on the device will be allowed by default. If you wish to block inbox apps, you need to create block rules for the individual inbox apps in the <strong>Add Rules<\/strong> section. <\/li>\n<\/ul>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<h2>Associate the policy with target entities<\/h2>\n<p>If you haven\u2019t saved the policy, <\/p>\n<ol>\n<li>Navigate to <strong>Policy Targets<\/strong>.<\/li>\n<li>Select the required <strong>Devices, Users, Device Groups, User Groups<\/strong> or <strong>Domains<\/strong>.<\/li>\n<li>Click on <strong>Save<\/strong>.<\/li>\n<\/ol>\n<p>If you have already saved the policy, <\/p>\n<ol>\n<li>Navigate to <strong>Policies > My Policies<\/strong> and select the required policy.<\/li>\n<li>Click on <strong>Manage > Associate Targets<\/strong>.<\/li>\n<li>Select the required <strong>Devices, Users, Device Groups, User Groups<\/strong> or <strong>Domains<\/strong>.<\/li>\n<li>Click on <strong>Associate<\/strong>.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Some situation demands you to restrict the users from accessing certain apps in the work environment&#8230;<\/p>\n","protected":false},"author":18,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[162,150],"tags":[],"class_list":["post-24887","post","type-post","status-publish","format-standard","hentry","category-windows-deploying-and-managing-apps","category-deploying-and-managing-apps"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Blocklist \/ Allowlist apps on Windows devices - Hexnode Help Center<\/title>\n<meta name=\"description\" content=\"Hexnode MDM enables you to build a blacklist \/ whitelist of apps which allows you to identify the presence of blacklisted apps on the device.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Blocklist \/ Allowlist apps on Windows devices - Hexnode Help Center\" \/>\n<meta property=\"og:description\" content=\"Hexnode MDM enables you to build a blacklist \/ whitelist of apps which allows you to identify the presence of blacklisted apps on the device.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/\" \/>\n<meta property=\"og:site_name\" content=\"Hexnode Help Center\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-07T13:44:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-25T10:06:02+00:00\" \/>\n<meta name=\"author\" content=\"Riza\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Riza\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/\",\"url\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/\",\"name\":\"How to Blocklist \/ Allowlist apps on Windows devices - Hexnode Help Center\",\"isPartOf\":{\"@id\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#website\"},\"datePublished\":\"2018-12-07T13:44:38+00:00\",\"dateModified\":\"2025-11-25T10:06:02+00:00\",\"author\":{\"@id\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/fe0e02538bdb97d6aebf751f529d0b41\"},\"description\":\"Hexnode MDM enables you to build a blacklist \/ whitelist of apps which allows you to identify the presence of blacklisted apps on the device.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Blocklist \/ Allowlist apps on Windows devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#website\",\"url\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/\",\"name\":\"Hexnode Help Center\",\"description\":\"Mobile Device Management Help\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/fe0e02538bdb97d6aebf751f529d0b41\",\"name\":\"Riza\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3eedc55d20d3793d07f1b86a5bf500e3717109f0819a818dcf80dd4a21290185?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3eedc55d20d3793d07f1b86a5bf500e3717109f0819a818dcf80dd4a21290185?s=96&d=mm&r=g\",\"caption\":\"Riza\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Blocklist \/ Allowlist apps on Windows devices - Hexnode Help Center","description":"Hexnode MDM enables you to build a blacklist \/ whitelist of apps which allows you to identify the presence of blacklisted apps on the device.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/","og_locale":"en_US","og_type":"article","og_title":"How to Blocklist \/ Allowlist apps on Windows devices - Hexnode Help Center","og_description":"Hexnode MDM enables you to build a blacklist \/ whitelist of apps which allows you to identify the presence of blacklisted apps on the device.","og_url":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/","og_site_name":"Hexnode Help Center","article_published_time":"2018-12-07T13:44:38+00:00","article_modified_time":"2025-11-25T10:06:02+00:00","author":"Riza","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Riza","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/","url":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/","name":"How to Blocklist \/ Allowlist apps on Windows devices - Hexnode Help Center","isPartOf":{"@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#website"},"datePublished":"2018-12-07T13:44:38+00:00","dateModified":"2025-11-25T10:06:02+00:00","author":{"@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/fe0e02538bdb97d6aebf751f529d0b41"},"description":"Hexnode MDM enables you to build a blacklist \/ whitelist of apps which allows you to identify the presence of blacklisted apps on the device.","breadcrumb":{"@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-blacklist-whitelist-apps-on-windows-devices-using-hexnode-mdm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/"},{"@type":"ListItem","position":2,"name":"How to Blocklist \/ Allowlist apps on Windows devices"}]},{"@type":"WebSite","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#website","url":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/","name":"Hexnode Help Center","description":"Mobile Device Management Help","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/fe0e02538bdb97d6aebf751f529d0b41","name":"Riza","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3eedc55d20d3793d07f1b86a5bf500e3717109f0819a818dcf80dd4a21290185?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3eedc55d20d3793d07f1b86a5bf500e3717109f0819a818dcf80dd4a21290185?s=96&d=mm&r=g","caption":"Riza"}}]}},"_links":{"self":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/posts\/24887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/comments?post=24887"}],"version-history":[{"count":27,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/posts\/24887\/revisions"}],"predecessor-version":[{"id":56116,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/posts\/24887\/revisions\/56116"}],"wp:attachment":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/media?parent=24887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/categories?post=24887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/tags?post=24887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}