# Blocklisting

All patches are inspected by our metadata team and some are blocklisted. These will appear as System blocklisted patches. Additionally, you have the option to manually blocklist a patch if you encounter undesired behavior. Conversely, if there is a system blocklisted patch, you have the option to unblock as necessary.

The OneSite metadata team:

* Reviews all metadata that vendors provide for their new products and patches to verify relevance and integrity.
* Reviews content and determines whether the patch has any issues that might cause unexpected behavior.
  * These may include reasons like "VirusTotal score is High" or "Cannot be uninstalled".
* Blocklists patches and products that have issues and automatically creates an exclusion for the patch on all clients.

You can view all of the blocked patches by navigating to **Advanced Settings > Flex Controls > Blocklisting > Patches** from the side navigation.

This will display a table of all curated (System) and customer blocked patches. When you select one of the patches, you can view additional information including the reason why it was blocked.

![](/files/hxniYFn7YB7YvR0VmoOi)

Or you can click **Blocked Patches (User)**/**Block Patches (System)** in the **Patching Overrides** widget from the **Home** dashboard.

![](/files/iAou9V21XiZP45XCs75C)

## Add patch to blocklist

Patches are automatically added to the blocklist by OneSite's metadata team, however, you can manually add patches to the blocklist as necessary.

{% hint style="success" %}
Blocklisting is intended for potentially risky patches that will be blocked on all devices. If you're looking to restrict products and patches from installing on specific business units, please see our [Exceptions](/patch/patching-fundamentals/flex-controls/flex-controls-exceptions.md) page.
{% endhint %}

1. Select **Advanced Settings > Flex Controls > Blocklisting > Blocked Patches**.
2. Click **+ New**.
3. Add a **Name** and optional **Description**.
4. Click **Browse** and select your desired patch under the **Blocked Patch Settings** section.
5. Enter the **Blocker Name** and **Blocker email** of the admin creating the blocked patch.
6. Enter a **Block Reason**.

   ![](/files/jjJgJh5lOk5WEbLRqELW)
7. Click **Save**.

### Unblock a patch

{% hint style="warning" %}
Unblocking a patch should be performed with caution. For guidance of unblocking a specific patch, please reach out to our [Support Team](https://adaptiva.com/support).

By design, we block Windows Feature Updates so users can control if those are installed/updated on their endpoints. For more information, please see our our [Apply Windows Feature Updates](https://docs.adaptiva.com/patch/scenarios/feature-updates)
{% endhint %}

On occasion, you may notice a blocklisted patch that you need to remediate a vulnerability. In order to unblock a patch, you can click the ellipses (**...**) next to the patch you wish to unblock and select **Unblock**.

<img src="/files/I3SGbUW8RlWMCP9NcyNt" alt="Unblock patch button" width="75%">

## Blocklist settings

**Blocklist Settings** allows you to set up blocklist **Notifications** from desired **Communication Providers**. These notifications will alert you of any new blocklisted patches from either the curated or customer created blocklists.

1. Select **Advanced Settings > Flex Controls > Blocklisting > Blocklist Settings**.

   <img src="/files/UG9QHBvSluUdrcS5K6Gc" alt="Blocklist settings navigation" width="50%">

* Notification Chain
  1. Select **Browse** next to either **Curated Chain** or **Customer Chain** to list the available Notification Chains. If you need to create a new Notification Chain for these purposes, see [Create a Notification Chain](/patch/advanced-settings/chains.md#notification-chains).
  2. Select the desired notification chain from the list.
  3. Select **OK**.
* Communication Providers
  1. Select **+ Add Communication Providers** for either **Curated Communication Providers** or **Customer Communication Providers** from the **Blocklist Settings**.
  2. Select one or more communication providers from the table.
     * If you need to add providers to the table, see [Create a New Communication Provider](/patch/advanced-settings/communication-providers.md).
  3. Select **OK**.

     ![](/files/v4PsFJaRMEr69ndQd5vt)

Depending on which communication provider you choose, your selected roles will receive a notification within a few minutes of the change. Below is an example of the notification email with the settings above:

![](/files/sRCRyGhfWSJSS5JPOq05)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.adaptiva.com/patch/patching-fundamentals/flex-controls/flex-controls-blocklisting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.