Solved: Allowed Application Still Being Quarantined

vendeville_lj · ‎03-11-2022

One of our users is using a file encryption service on his Windows computer which was initially flagged as ransomware. I added the application to our Allowed Applications list but it is still getting flagged, and seems to be alternating between succeeding and failing quarantine. I'd assumed that adding the file to the allowed list would've stopped these detections and quarantines, and was wondering if I'm doing something wrong with going about using the allowed/blocked lists. I know I can create an exclusion for the application, but then what would the point be of the allowed list vs. exclusions? Appreciate any insight into this.

David Janulik · ‎03-17-2022

I briefly checked the website of the vendor. You better create a wildcard exclusion for encrypted files “*.axx” , as stated in the officical post." AxCrypt encrypted files should have a “.axx” file extension. So AxCrypt once encrypts the file, then the file will be renamed to “filename-originalextension.axx”."

Cyber security escalation engineer

View solution in original post

David Janulik · ‎03-17-2022

I briefly checked the website of the vendor. You better create a wildcard exclusion for encrypted files “*.axx” , as stated in the officical post." AxCrypt encrypted files should have a “.axx” file extension. So AxCrypt once encrypts the file, then the file will be renamed to “filename-originalextension.axx”."

Cyber security escalation engineer

vendeville_lj · ‎03-22-2022

So the application is allowed, but the encrypting of the files is what's flagging Secure Endpoint. Thanks for the info, and I'll get an exclusion created.