I worked at a place like this and we had a software registry, where if you had installed something and it wasn't on the registry somebody would start sending you nasty emails. This kind of thing would happen all the time: maybe the Linux machines weren't in the scans, or anything that came with the OS was whitelisted.

But if you wanted to install it separately on a computer that didn't have it already, then you'd need to get it “approved.”