Question:
I've been trying to figure out how I can do some application blocking. Everything I find points to DOC-7485 Is there a way to do this? Is there a doc that shows me how? Say I want to block notepad.exe
Answer:
Reference the following articles:
LANDesk Patch and Compliance Landing Page
http://community.landesk.com/support/docs/DOC-23839
How to use Custom Groups and Blocked Applications
http://community.landesk.com/support/docs/DOC-6731
How to create a custom Blocked Application
http://community.landesk.com/support/docs/DOC-6713
LANDesk Management Suite 9.5 patch & compliance documentation
http://community.landesk.com/support/docs/DOC-29597
E-Learning - Patch & Compliance Overview and Download
http://community.landesk.com/support/docs/DOC-22198
Additionally.....
Be aware that "If you make changes to what applications are blocked, do you have to redeploy the agent"? The answer in that case would be no. If you make changes in the console around Blocked Applications, you do not need to redeploy the agent. The next time vulscan runs it will get updated settings and those settings will be applied.
As it relates to the blocking of application on some clients and not on others. The short answer is yes. It can be done in agent settings. The Scan and Repair Settings controls what applications are or are not blocked and Scan and Repair Settings can be assigned to individual machines, groups, etc. regardless of what "Agent Configuration" is on the machine. However, to do what you want, you will need to create multiple custom groups in the patch tool. One group would have notepad.exe only and another group would have outlook.exe and notepad.exe. Then in the scan and repair settings, under the blocked apps, select the "only apps in group" option.