Channel: LANDESK User Community : Document List - All Communities

How "Deny products by LANDesk Group" works


1. We can configure "Deny products by LANDesk Group" in the console:

 

 

Deny products by LD Group.JPG

 

2. The deny information is written to the database. The product idn for this application is added to the "SLM_APPDENIEDBYLDGROUP" table in the database. Here the product idn for WinRAR is 41.

DenyLDGroupAppID.JPG

 

3. The Group ID for the LANDesk Group is also written to "SLM_LDGROUPDENIED".

 

Here the Group ID for "KevinDeny" is 92.

 

DenyLDGroupID.JPG

 

4. The web service "UpdateDeniedFiles.asmx" is used to distribute the deny information to the clients.

webservice.JPG


5. This web service gets the DeviceID from the database, targets that client, and then distributes the deny information to it.

GetDeniedFileList.JPG

 

6. When the inventory scan runs on the clients, ldiscn32.exe calls SLMUpdateDeniedFiles.dll.

 

dll file.JPG

 

SLMUpdateDeniedFiles.dll contains the method that accesses the web service: it connects to http://<core server>/UpdateDeniedFiles.asmx, submits the device ID, and gets the denied file list back:

Invoke the block app.JPG

 

7. Finally, on the clients, ldiscn32.exe creates a registry key and stores the denied product information there. Softmon reads the denied products from this key and blocks them when they attempt to execute.

 

The location for the blocked application is: HKLM\SOFTWARE\LANDesk\ManagementSuite\WinClient\FTD.

Deny on Client Reg.JPG

 

8. Softmon.exe monitors the process list. When a new process is created, softmon.exe finds the executable file of the process, gets the file name and file size of that executable, and compares them with the keys under HKLM\SOFTWARE\LANDesk\ManagementSuite\WinClient\FTD. If the executable file information matches a registry key, softmon.exe kills the process, puts it in the untrust list, and stores that in cache. If the executable file information doesn't match a registry key, softmon.exe lets the process run, adds it to the trust list, and also stores that in cache. The next time the same process runs, softmon.exe checks the trust and untrust lists in the cache first. If the process is there, it does not repeat the same actions.

 

P.S. If the forbidden file is present in the registry key on a client machine but is still not blocked, the most likely cause is that softmon did not get the file name and file size of the process. Also, if other software protects the registry, softmon.exe cannot compare the information and will fail to block the executable.
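
The decision flow from step 8 and the failure case from the P.S., as a small Python model. This is an added illustration, not LANDesk code: the class and function names, the path-keyed cache, the case-insensitive name match, and the sample file names and sizes are all assumptions, and the set of deny entries stands in for the contents of the FTD registry key.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class DenyEntry:
    """One denied executable: file name plus file size in bytes."""
    name: str
    size: int

@dataclass
class SoftmonModel:
    """Model of the step 8 decision; deny_entries stands in for the FTD key."""
    deny_entries: set
    trusted: set = field(default_factory=set)     # cache of allowed paths
    untrusted: set = field(default_factory=set)   # cache of blocked paths

    def on_process_start(self, path: str, size: Optional[int]) -> str:
        key = path.lower()                        # assumption: cache keyed by path
        if key in self.untrusted:
            return "kill (cached)"
        if key in self.trusted:
            return "allow (cached)"
        if size is None:
            # P.S. case: name/size could not be read, so nothing is compared
            return "allow (not compared)"
        name = key.rsplit("\\", 1)[-1]
        if DenyEntry(name, size) in self.deny_entries:
            self.untrusted.add(key)
            return "kill"
        self.trusted.add(key)
        return "allow"

def demo():
    # Constructed sample data: file names and sizes are made up for illustration.
    model = SoftmonModel({DenyEntry("winrar.exe", 1_500_000)})
    events = [
        (r"C:\Program Files\WinRAR\WinRAR.exe", 1_500_000),  # matches deny entry
        (r"C:\Program Files\WinRAR\WinRAR.exe", 1_500_000),  # answered from cache
        (r"C:\Windows\notepad.exe", 200_000),                # no match
        (r"C:\Windows\notepad.exe", 200_000),                # answered from cache
        (r"D:\Tools\WinRAR.exe", None),                      # metadata unavailable
    ]
    return [model.on_process_start(p, s) for p, s in events]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

When troubleshooting a client where a denied product still runs, the last case is the one to rule out first: the deny entry exists, but no comparison took place.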

