cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2383
Views
1
Helpful
2
Replies

Allowed Application Still Being Quarantined

vendeville_lj
Level 1
Level 1

One of our users is using a file encryption service on his Windows computer which was initially flagged as ransomware. I added the application to our Allowed Applications list but it is still getting flagged, and seems to be alternating between succeeding and failing quarantine. I'd assumed that adding the file to the allowed list would've stopped these detections and quarantines, and was wondering if I'm doing something wrong with going about using the allowed/blocked lists. I know I can create an exclusion for the application, but then what would the point be of the allowed list vs. exclusions? Appreciate any insight into this.

1 Accepted Solution

Accepted Solutions

David Janulik
Cisco Employee
Cisco Employee

I briefly checked the website of the vendor. You better create a wildcard exclusion for encrypted files “*.axx” , as stated in the officical post." AxCrypt encrypted files should have a “.axx” file extension. So AxCrypt once encrypts the file, then the file will be renamed to “filename-originalextension.axx”."

Cyber security escalation engineer

View solution in original post

2 Replies 2

David Janulik
Cisco Employee
Cisco Employee

I briefly checked the website of the vendor. You better create a wildcard exclusion for encrypted files “*.axx” , as stated in the officical post." AxCrypt encrypted files should have a “.axx” file extension. So AxCrypt once encrypts the file, then the file will be renamed to “filename-originalextension.axx”."

Cyber security escalation engineer

So the application is allowed, but the encrypting of the files is what's flagging Secure Endpoint. Thanks for the info, and I'll get an exclusion created.