Blocklisting
OneSite Patch includes an extra level of protection for customer devices and patching processes called Blocklisting. Blocklisting allows you to block potentially nefarious patches that may do more harm than good.
All patches are inspected by our metadata team and some are blocklisted. These will appear as System blocklisted patches. Additionally, you have the option to manually blocklist a patch if you encounter undesired behavior. Conversely, if there is a system blocklisted patch, you have the option to unblock it as necessary.
The OneSite metadata team:
Reviews all metadata that vendors provide for their new products and patches to verify relevance and integrity.
Reviews content and determines whether the patch has any issues that might cause unexpected behavior.
These may include reasons like "VirusTotal score is High" or "Cannot be uninstalled".
Blocklists patches and products that have issues and automatically creates an exclusion for the patch on all clients.
You can view all of the blocked patches by navigating to Advanced Settings > Flex Controls > Blocklisting > Patches from the side navigation.
This will display a table of all curated (System) and customer blocked patches. When you select one of the patches, you can view additional information including the reason why it was blocked.

Or you can click Blocked Patches (User)/Block Patches (System) in the Patching Overrides widget from the Home dashboard.

Add patch to blocklist
Patches are automatically added to the blocklist by OneSite's metadata team; however, you can manually add patches to the blocklist as necessary.
Blocklisting is intended for potentially risky patches that will be blocked on all devices. If you're looking to restrict products and patches from installing on specific business units, please see our Exceptions page.
Select Advanced Settings > Flex Controls > Blocklisting > Blocked Patches.
Click + New.
Add a Name and optional Description.
Click Browse and select your desired patch under the Blocked Patch Settings section.
Enter the Blocker Name and Blocker email of the admin creating the blocked patch.
Enter a Block Reason.

Click Save.
Unblock a patch
Unblocking a patch should be performed with caution. For guidance on unblocking a specific patch, please reach out to our Support Team.
By design, we block Windows Feature Updates so users can control whether those are installed/updated on their endpoints. For more information, please see our Apply Windows Feature Updates page.
On occasion, you may notice a blocklisted patch that you need in order to remediate a vulnerability. To unblock a patch, click the ellipsis (...) next to the patch you wish to unblock and select Unblock.

Blocklist settings
Blocklist Settings allows you to set up blocklist Notifications from desired Communication Providers. These notifications will alert you to any new blocklisted patches from either the curated or customer-created blocklists.
Select Advanced Settings > Flex Controls > Blocklisting > Blocklist Settings.

Notification Chain
Select Browse next to either Curated Chain or Customer Chain to list the available Notification Chains. If you need to create a new Notification Chain for these purposes, see Create a Notification Chain.
Select the desired notification chain from the list.
Select OK.
Communication Providers
Select + Add Communication Providers for either Curated Communication Providers or Customer Communication Providers from the Blocklist Settings.
Select one or more communication providers from the table.
If you need to add providers to the table, see Create a New Communication Provider.
Select OK.

Depending on which communication provider you choose, your selected roles will receive a notification within a few minutes of the change. Below is an example of the notification email with the settings above:
