Skip to main content

Shadow IT – Block Applications from Device Details

Updated today

This article explains how to block applications and domains directly from the Device Details → Applications tab in Swif. These controls are part of Swif’s consolidated blocking experience for Shadow IT and endpoint application control.

Use this workflow when you:

  • Discover a risky or unapproved app on a specific device, and

  • Want to immediately block its usage (and/or related domains) across one or more devices or device groups.

What you can do from Device Details → Applications

From the Device Details → Applications tab, you can:

  • Add applications to a blocklist based on:

    • Application usage (blocking the app from running)

    • Application domains (blocking access to app‑related domains)

  • Target the block to:

    • Individual devices, or

    • Device groups

This flow is consolidated with other Shadow IT blocking experiences so admins see consistent options and behavior across the product.

Opening the blocklist from a device

  1. Go to Devices in Swif.

  2. Select the device you’re interested in.

  3. Open the Applications tab.

  4. Find the application you want to block.

  5. Click Add to blocklist (or the equivalent action for managing the blocklist).

Swif will open the Manage blocklist modal with the current device context already applied.

Choosing what to block

Within the Manage blocklist modal, you can choose between:

  • Application usage – block the app from running

  • Application domain – block traffic to domains associated with that app

Depending on your choice, you can work with:

  • Known applications from Swif’s Applications Catalog, or

  • Custom application names or domains that you type in manually

Known applications vs custom application names

To keep the UI focused and reduce confusion, Swif shows only one input strategy at a time:

  • Select from known apps

    • Use this if the app exists in Swif’s Applications Catalog.

    • As you type, you’ll see matching applications to pick from.

    • The custom app name field is hidden in this mode.

  • Enter custom application name

    • Use this if the app is not in the catalog or if you prefer manual entry.

    • You see a simple input box with this placeholder:

      • “Type an Application Name / Domain and Press Enter”

    • The dropdown does not open by default. It only appears once you type something and there’s a match.

    • The known app dropdown is hidden in this mode.

This makes it clear whether you’re choosing from known apps or entering a custom string, while still supporting both workflows.

OS‑specific behavior for application blocking

Swif’s backend uses different technologies per operating system (e.g., Santa for macOS, AppLocker for Windows, and the Swif Agent for Linux). The UI abstracts this, but there are a few important OS‑specific details.

macOS

For macOS devices, Swif can block applications by name matching and other app attributes. When you block an app for macOS:

  • You can simply provide the application name (or select one from the catalog).

  • Swif creates or updates an Application Block Policy that prevents the app from running on targeted macOS devices.

Linux

For Linux devices, Swif blocks applications by application name:

  • Provide the app name string (or select it).

  • Swif creates or updates a Linux Application Block Policy.

Windows – path‑based blocking

For Windows devices, application blocking relies on file path information because it uses Windows AppLocker under the hood.

When you include any Windows devices in the target:

  • The Manage blocklist modal will ask you for an Application path (appPath).

  • A Windows‑specific placeholder is shown, e.g.:

    • C:\Program Files\Teamviewer

  • If you try to save without a path, you’ll see an error message:

    • “Application path is required for Windows”

Internally, Swif uses this path to create or update a Windows AppLocker Policy across multiple rule collections (e.g., .exe, .appx, .msi).

Note: Some critical Windows applications (for example, certain Microsoft apps like Edge) may not be fully enforceable due to OS limitations. Always test your policy against a small set of devices first.

Blocking domains from Device Details (web filtering)

In addition to blocking application usage, you can block domains associated with an app.

When you choose Application Domain in the Manage blocklist modal, you have two primary options:

  1. Enter domain manually

    • Use the same guided placeholder:

      • “Type an Application Name / Domain and Press Enter”

    • Ideal for blocking a small number of domains discovered via Shadow IT.

  2. Upload a file of domains

    • Upload a text file that contains a list of domains.

    • The UI will show:

      • The file name, and

      • The count of domains within that file.

    • This is designed for large domain lists; Swif does not attempt to display thousands of entries in the table.

To keep the experience clean:

  • When Enter Domain is selected, the file upload option is hidden.

  • When Upload file is selected, the manual domain field is hidden.

  • An “OR” spacer clearly separates these two options so admins understand they’re alternative input methods.

Selecting devices and device groups

You can apply your blocklist to:

  • The current device (pre‑selected when starting from Device Details), and/or

  • Other devices or device groups.

Key behavior:

  • All eligible devices (based on your environment) are available for selection.

  • Device groups can have arbitrary names and are displayed consistently in the selector.

  • You can mix devices and device groups in a single operation to roll out a block quickly.

Swif automatically creates the correct policies per OS for all targeted devices.

How blocklist entries appear in Device Details

Once a block is configured, you can view how it’s applied on the Device Details → Applications tab.

Applications and policies

For each blocked application, you’ll see:

  • Application Name
    The text you entered or the name you selected from the catalog.

  • Block Type / Policy usage

    • Shows how the application is being blocked (e.g., application usage vs domain).

    • Displays the policy name that is enforcing the block.

    • The policy name is clickable, so you can jump directly to that policy for more detail or editing.

Domains from uploaded files

For domain lists added via file upload:

  • Swif displays:

    • The file name, plus

    • The number of domains in that file.

  • This keeps the table readable, even when blocking thousands of domains.

Rule‑type chip and tooltip

In the policy/usage columns, you may see a chip indicating how many rule types the policy contains.

  • Hover over the chip to open a tooltip with more detail (for example, whether the policy contains multiple OS‑specific rules or both application and domain rules).

This lets you quickly understand how broad or granular a policy is without opening the full policy page.

Summary

From Device Details → Applications, you can now:

  • Block risky or unapproved apps on a specific device and roll that block out to other devices or groups.

  • Use a single, consolidated UI to:

    • Select known or custom apps,

    • Provide required Windows paths,

    • Block domains individually or via bulk file upload, and

    • See exactly which policies are enforcing those blocks.

Related Articles
Prevent sign-up for domains by Swif's Browser Extension
Shadow IT Features: Complete Visibility and Control
Shadow IT – Manage Blocklist Key Features
Shadow IT – Block Applications from the Device Group page
Shadow IT – Block Applications from the Software page
Did this answer your question?