Vile Analyziz

Sanctioned Apps

Sanctioned Apps lets you define which software is approved, prohibited, or pending review in your organization. As files are analyzed, the platform automatically matches them against your sanctioned list and tags results accordingly.

Status Meanings

Each entry in your sanctioned apps list has one of three statuses. The status determines how the platform treats files from that vendor or product.

Sanctioned (Approved)

Software approved for use in your organization. Files from sanctioned vendors are automatically tagged as approved in analysis reports. This status signals to analysts that the software has been vetted and is authorized.

Prohibited

Software banned from your organization. Files from prohibited vendors are flagged in reports and can trigger approval rules or block deployment through endpoint agents. Use this status for known-unwanted software, unapproved vendors, or tools that violate compliance requirements.

Under Review

Software pending evaluation. Files from under-review vendors are flagged in reports but are not blocked. This is a transitional state for software that has been identified but not yet fully assessed by your security team.

Adding Apps

Navigate to the Sanctioned Apps page in the portal and select “Add App.” For each entry, provide:

  • Vendor name (required): the publisher or company name. This is matched against the vendor identified during analysis.
  • Product name (optional): a specific product from that vendor. If omitted, all products from the vendor are matched.
  • Status (required): sanctioned, prohibited, or under review.
  • Max installs (optional): a soft limit on how many instances of this software should exist across your endpoints. Useful for tracking license compliance.
  • Notes (optional): internal notes for your team, such as the reason for the status or links to approval tickets.

Software Inventory

As your organization analyzes files, the platform automatically builds a software inventory from the detected vendors and products. The inventory page shows every unique vendor and product seen across all analyses, along with the number of files, first-seen and last-seen dates, and the sanctioned status.

The software inventory gives you a comprehensive view of what software exists in your environment, even before you create sanctioned app entries. Use it to discover shadow IT, identify unvetted vendors, and prioritize which software to evaluate next.

Redundancy Detection

The platform identifies cases where multiple products in your inventory serve the same purpose. For example, if your organization has three different PDF readers or two competing antivirus products, redundancy detection flags these overlaps.

Reducing software redundancy simplifies your security posture, lowers licensing costs, and reduces the attack surface. Use redundancy insights to standardize on approved tools and phase out duplicates.

License Compliance

License compliance tracking examines the licensing model of software in your inventory and flags commercial products that may lack proper licensing. The platform categorizes detected software by license type (open source, freeware, commercial, trial) and highlights discrepancies.

Combined with the max installs field on sanctioned app entries, license compliance gives you visibility into whether your organization is within its licensed usage limits. This helps avoid audit surprises and ensures contractual compliance.

Go to Sanctioned Apps

Was this helpful?