topic Thank you for your replies in Endpoint Security

Issues excluding a custom application from being scanned

Marius Gunnerud — Fri, 21 Feb 2020 05:01:54 GMT

As the title says, I am having problems excluding a custom application from being scanned. I have added the file path with a wild card (*) as well as the .exe file location (just for testing) without success. Once the application is installed it is scanned and some components deleted. the install location is under "Users" and not Program Files. I am starting to think that it is installing some files elsewhere as well.

C:\Users\*\Mapis Data Input Tool

Any ideas what might be going wrong? is my syntax incorrect for the exclusion? or perhaps I should be placing this under Path instead of Wildcard?

The exclusion looks like a

aledipas — Thu, 15 Sep 2016 14:07:42 GMT

The exclusion looks like a valid wildcard. Be sure that your endpoint policy has actually updated and has the exclusion you have added to your list (you can check this under the settings in the UI).

If you have any detection events you will want to compare those against you exclusion to be sure that multiple paths aren't in use.

Thanks

Hello Marius,

george.seah — Fri, 16 Sep 2016 03:36:12 GMT

Hello Marius,

For application whitelisting, it will be better if you define under Outbreak Control > Application Control - Whitelisting. Upload the application file into the Cloud Console or you may add the SHA-256 value manually for file exclusion.

Thank you for your replies

Marius Gunnerud — Fri, 16 Sep 2016 06:43:51 GMT

Thank you for your replies and suggestions. I wont be able to test any of this until Monday, but will get back to you then with an update.

I tried adding the SHA value

Marius Gunnerud — Wed, 28 Sep 2016 14:24:11 GMT

I tried adding the SHA value under application control whitelisting but did not work. what happens is that I install the program via a .exe file and then once installed and I try to run it, it gets blocked.

I hope to get some more time tomorrow to test possible solutions.

Marius,

Matthew Franks — Thu, 06 Oct 2016 13:01:46 GMT

Marius,

Were you able to perform additional testing and check the detection events as Alex suggested?

Thanks,

-Matt

I have not yet had time to

Marius Gunnerud — Thu, 06 Oct 2016 13:05:13 GMT

I have not yet had time to check the detection events. I have however added the two sha values that were shown as blocked to whitelist. without any success.

I have been swamped with other cases which have taken priority over this so I will be coming back to this once the load lightens.