Workspace Control Authorization Process

When the Authorized Owners feature is enabled, Workspace Control performs the following checks to determine if an application is allowed to run, else it is prevented from launching:

  • Blocked PathWorkspace Control checks if the application is found in any configured blocked path rules. For more details, see Blocked Paths.

    If the application is found in any configured blocked path rules, then Workspace Control prevents the application from running. Otherwise Workspace Control checks if the application is found in any blocked file hash rules.

  • Blocked File Hash* Workspace Control checks if the application is found in any configured file hash block rules.

    If the application is found in any configured file hash block rules, then Workspace Control prevents the application from running. Otherwise Workspace Control checks if the application is found in any certificate block rules.

  • Blocked Certificate* Workspace Control checks if the application is found in any configured certificate block rules.

    If the application is found in any configured certificate block rules, then Workspace Control prevents the application from running. Otherwise Workspace Control checks if the application is a Workspace Control managed application and if the user has access to the managed application.

  • Managed application* — Workspace Control checks if the application is a Workspace Control managed application and if the user has access to the managed application.

    If the application is a Workspace Control managed application and the user has access to the managed application, then Workspace Control checks if the owner of the software is an authorized owner. Otherwise Workspace Control prevents the application from running.

  • Authorized OwnerWorkspace Control checks if the file owner of the application matches the configured authorized owners.

    If the NTFS owner of the application is configured as an authorized owner, then Workspace Control allows the application to run. Otherwise the Workspace Control checks if the application's certificate is configured as an authorized certificate.

  • Authorized CertificateWorkspace Control checks if the application's certificate matches any rules configured under the Security > Authorized Certificates node.

    If the application's certificate is configured as an authorized certificate, then Workspace Control allows the application to run. Otherwise Workspace Control checks if the application's file hash is an authorized file hash.

  • Authorized File HashWorkspace Control checks if the application file hash matches any known authorized file hashes.

    If the application's file hash is an authorized file hash, then Workspace Control allows the application to run. Otherwise Workspace Control prevents the application from running.

* If this feature is not enabled, the workflow proceeds with the next hop.