This article explains how to use the Manage blocklist workflow from the Device Management → Applications (Software) page to block Shadow IT applications and domains across your devices and device groups.

This is part of the consolidated Shadow IT blocking experience in the Swif Admin Console.

What you can do from the Software page

From Device Management → Applications, the Manage blocklist flow lets you:

Block applications (from the Swif catalog or as custom names)
Block domains (manually or via file upload)
Target specific devices and device groups
Apply blocking across supported OS platforms
See a unified blocklist for that application, including block type and policy details

This flow is designed to behave consistently with other entry points (such as Device Details and Device Groups). The key difference here is that:

When you open the modal from a specific application on the Software page,
the application is pre-selected and cannot be changed in that instance of the modal.

Launching “Manage blocklist” from the Software page

In the Swif Admin Console, go to
Device Management → Applications.
In the Applications (Software) table, find the app you want to manage.
Click Manage blocklist for that app.

The Manage blocklist modal opens with:

The application pre-selected and disabled (you cannot change the app in this flow).
All other controls (devices, groups, block types, domains) available and enabled.

This lets you quickly manage block policies for one specific application from the Software page.

Choosing how you want to block

Inside the modal, you can configure what you are blocking:

1. Block by application

Select from known apps
- Uses the Swif app catalog.
- From the Software page modal, the chosen app is already fixed, so this selection is implicitly set.
Enter Custom Application Name
- Allows you to block by a string name that may or may not exist in the catalog.
- Useful for Shadow IT or custom/line-of-business apps.

2. Block by domain

Enter Domain
- Manually enter one or more domains (for example, example.com).
Upload file
- Upload a file containing many domains at once.
- The UI shows the file name and number of domains rather than listing all for large uploads.

The blocklist can include both applications and domains. Both will be shown in the resulting blocklist view with appropriate types and labels.

Selecting devices and device groups

You can apply the blocklist to:

Individual devices, and/or
Device groups (including smart groups and any custom-named groups)

Behavior:

The device and device group selection dropdowns show all eligible, enrolled devices and groups.
Device group names are fully flexible; any label you have defined appears as-is in the selector.
Counts of blocked devices and blocked device groups are updated when you save changes and are reflected back in:
- The blocklist modal
- The Software page summary for that app

If you notice a mismatch between what you selected and the counts shown, it indicates a configuration issue and should be treated as a defect, not intended behavior.

OS-specific behavior and Windows app path requirement

Swif enforces blocking differently based on the operating system.

Target OS selection

When configuring app blocking:

You can target one or more OS platforms (for example, macOS, Windows, Linux).
Only OS platforms that the policy engine supports for blocking are shown.
For multi-OS apps, you may see an All option that applies the policy to all supported platforms.

Windows: Application path (`appPath`) is required

For Windows devices, blocking is enforced via application path.

When you include Windows devices or Windows-based groups in your block:

You must provide an application path (appPath), such as:
C:\Program Files\App\app.exe
The app path field includes a Windows-style path placeholder to clarify the expected format.
If you attempt to save a block for Windows without specifying appPath, the system shows:

“Application path is required for Windows”

and the block action is prevented until you provide a valid path.

macOS / Linux

For macOS and Linux:

The block can be enforced by application name.
No appPath is required.
You can still mix macOS/Linux with Windows in the same flow, as long as you satisfy the Windows appPath requirement where applicable.

Entering custom app names and domains

Unified placeholder behavior

For free-text inputs where you can type either an app name or a domain, Swif uses a clear placeholder:

Type an Application Name / Domain and Press Enter

Behavior:

Type a value in the field.
Press Enter to confirm and add it to the list.
This applies to:
- Enter Custom Application Name
- Enter Domain (for domain-based blocking)

Custom application name input behavior

When you choose Enter Custom Application Name:

You see a plain input box, not an open dropdown.
The application catalog dropdown:
- Does not open by default.
- Appears only after you start typing and only when there are catalog matches.
You can:
- Select one of the suggested catalog apps, or
- Continue using your own string and treat it as a purely custom app name.

This avoids confusion with Select from known apps and makes it clear that the field supports both free text and assistive suggestions.

Domain blocking: manual vs file upload (web filtering)

You can block domains associated with the application directly from this flow.

Entering domains manually

Select Domain → Enter Domain.
Type a domain (for example, example.com).
Press Enter to add it.
Repeat for additional domains.

When Enter Domain is active, file upload options are hidden to keep the UI focused.

Uploading a file of domains

Select Domain → Upload file.
Upload a CSV or other supported file containing domains.
The blocklist UI will:
- Display the uploaded file name.
- Show the total count of domains in the file.
- Avoid listing every individual domain in the UI if you have thousands of entries.

To make it obvious that manual entry and file upload are alternatives, the modal includes an “OR” spacer between the upload section and any pre-loaded file selection components.

Blocklist display on the Software page

After you save your blocklist changes:

Return to Device Management → Applications.
In the application’s row, a blocklist table / section presents all configured blocks.

You’ll see:

Blocked item type
- Application Name (string input used as identifier)
- Domain
Target scope
- Devices and/or device groups affected
Block type / Policy usage
- A policy name, which is a clickable link to that policy.
Domains from file uploads
- Shown by file name and domain count.
- Large domain lists are not expanded inline.
Rule types chip
- A small chip shows how many rule types the policy contains.
- Hovering over the chip displays a tooltip with details of those rule types.

Both app-based and domain-based blocks are visible side-by-side, so you can see everything that applies to that app in one place.

Bulk blocklist actions

From the Software page, you can also:

Select multiple applications.
Apply bulk blocklist actions via the Manage blocklist flow.

Behavior:

All selected apps are processed.
Each app’s resulting block entries appear in the blocklist table for that app.
The underlying OS, device/group selection, and path/domain rules apply per app.

Behavior expectations and consistency

The consolidated Manage blocklist flow is designed to be:

Consistent across entry points
Whether you open it from:
- Device Management → Applications (Software page),
- Device Details,
- Device Groups,
the workflow, validations, and options behave the same, except for:
- Pre-selection context (which app/device/group is locked in).
Fully enabled
Options inside the modal are not disabled just because something is pre-selected:
- From the Software page, the application field is the only locked element.
- You can still:
  - Add domains,
  - Adjust devices/device groups,
  - Mix app and domain blocks,
  - Configure OS targets.