<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Allowed Application Still Being Quarantined in Endpoint Security</title>
    <link>https://community.cisco.com/t5/endpoint-security/allowed-application-still-being-quarantined/m-p/4568964#M6753</link>
    <description>&lt;P&gt;One of our users is using a file encryption service on his Windows computer which was initially flagged as ransomware. I added the application to our Allowed Applications list but it is still getting flagged, and seems to be alternating between succeeding and failing quarantine. I'd assumed that adding the file to the allowed list would've stopped these detections and quarantines, and was wondering if I'm doing something wrong in how I'm using the allowed/blocked lists. I know I can create an exclusion for the application, but then what would the point be of the allowed list vs. exclusions? Appreciate any insight into this.&lt;/P&gt;</description>
    <pubDate>Fri, 11 Mar 2022 17:29:42 GMT</pubDate>
    <dc:creator>vendeville_lj</dc:creator>
    <dc:date>2022-03-11T17:29:42Z</dc:date>
    <item>
      <title>Allowed Application Still Being Quarantined</title>
      <link>https://community.cisco.com/t5/endpoint-security/allowed-application-still-being-quarantined/m-p/4568964#M6753</link>
      <description>&lt;P&gt;One of our users is using a file encryption service on his Windows computer which was initially flagged as ransomware. I added the application to our Allowed Applications list but it is still getting flagged, and seems to be alternating between succeeding and failing quarantine. I'd assumed that adding the file to the allowed list would've stopped these detections and quarantines, and was wondering if I'm doing something wrong in how I'm using the allowed/blocked lists. I know I can create an exclusion for the application, but then what would the point be of the allowed list vs. exclusions? Appreciate any insight into this.&lt;/P&gt;</description>
      <pubDate>Fri, 11 Mar 2022 17:29:42 GMT</pubDate>
      <guid>https://community.cisco.com/t5/endpoint-security/allowed-application-still-being-quarantined/m-p/4568964#M6753</guid>
      <dc:creator>vendeville_lj</dc:creator>
      <dc:date>2022-03-11T17:29:42Z</dc:date>
    </item>
    <item>
      <title>Re: Allowed Application Still Being Quarantined</title>
      <link>https://community.cisco.com/t5/endpoint-security/allowed-application-still-being-quarantined/m-p/4572460#M6760</link>
      <description>&lt;P&gt;I briefly checked the vendor's website. You had better create a wildcard exclusion for encrypted files, “*.axx”, as stated in the official post: "AxCrypt encrypted files should have a “.axx” file extension. So AxCrypt once encrypts the file, then the file will be renamed to “&lt;STRONG&gt;filename-originalextension.axx&lt;/STRONG&gt;”."&lt;/P&gt;</description>
      <pubDate>Thu, 17 Mar 2022 09:00:14 GMT</pubDate>
      <guid>https://community.cisco.com/t5/endpoint-security/allowed-application-still-being-quarantined/m-p/4572460#M6760</guid>
      <dc:creator>David Janulik</dc:creator>
      <dc:date>2022-03-17T09:00:14Z</dc:date>
    </item>
    <item>
      <title>Re: Allowed Application Still Being Quarantined</title>
      <link>https://community.cisco.com/t5/endpoint-security/allowed-application-still-being-quarantined/m-p/4576394#M6767</link>
      <description>&lt;P&gt;So the application is allowed, but the encrypting of the files is what Secure Endpoint is flagging. Thanks for the info, and I'll get an exclusion created.&lt;/P&gt;</description>
      <pubDate>Tue, 22 Mar 2022 18:58:48 GMT</pubDate>
      <guid>https://community.cisco.com/t5/endpoint-security/allowed-application-still-being-quarantined/m-p/4576394#M6767</guid>
      <dc:creator>vendeville_lj</dc:creator>
      <dc:date>2022-03-22T18:58:48Z</dc:date>
    </item>
  </channel>
</rss>

