Application whitelist

Vishal6
Level 1

Hi All,

I am facing an issue where I am unable to open Word, Excel, and PowerPoint files using Microsoft Office 2010, as it contains a vulnerability. Please see the snapshot below and let me know how I can whitelist it in the allowed application list so that Microsoft Office 2010 works.

Vishal6_0-1733401207853.png

 


Matthew Franks
Cisco Employee

Hello,

I mentioned in your previous post that Office 2010 is end of life and should no longer be used, but if you insist you can add an application whitelist.

Hope that helps.

-Matt

 

In application control, whitelisting an application needs either a hash file or an uploaded file. I need to know how I can get the hash file of Microsoft Office, and also whether adding a hash file or choosing to upload a file would whitelist it for all?

The hash is the SHA256 of the file.
There are many ways to get that.
Any place the file is referenced in the Secure Endpoint console, you can right click and see the hash.

In PowerShell, Get-FileHash will give you the SHA256.

In the Windows command line you can use certutil:
certutil -hashfile <file> SHA256
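
Added example, not part of the original thread and not Cisco tooling: a PowerShell script that collects the SHA256 of the Office executables with Get-FileHash and records their Authenticode signature status, so each hash can be reviewed before it is pasted into an allowed application list. The parameter names, the CSV file name and the choice of WINWORD.EXE, EXCEL.EXE and POWERPNT.EXE as the binaries of interest are assumptions; pass the actual install directory for your endpoints.

```powershell
# Added example (assumptions: parameter names, output file, list of binaries).
param(
    [Parameter(Mandatory)]
    [string]$InstallDir,                       # Office install folder on this endpoint
    [string[]]$Names = @('WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE'),
    [string]$OutCsv  = '.\allowlist-candidates.csv'
)

# Find the requested executables anywhere under the install directory.
$files = Get-ChildItem -LiteralPath $InstallDir -Recurse -File -ErrorAction Stop |
    Where-Object { $Names -contains $_.Name }

if (-not $files) {
    throw "No matching executables found under '$InstallDir'."
}

$rows = foreach ($f in $files) {
    $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName

    [pscustomobject]@{
        Path        = $f.FullName
        SHA256      = $hash.Hash
        FileVersion = $f.VersionInfo.FileVersion
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

# A hash should only be trusted if the file it came from is validly signed.
$suspect = @($rows | Where-Object { $_.SigStatus -ne 'Valid' })
foreach ($s in $suspect) {
    Write-Warning "Signature status '$($s.SigStatus)' for $($s.Path); do not allow-list without review."
}

# Keep a record of exactly which builds were hashed.
$rows | Export-Csv -Path $OutCsv -NoTypeInformation
$rows | Format-Table Path, FileVersion, SigStatus, SHA256 -AutoSize
```

A SHA256 identifies one exact file, so endpoints running a different build or patch level of the same executable will produce different hashes and need their own entries.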

Hi,

Will adding the hash in application control from the Secure console completely bypass it for all users?

If you're whitelisting an application, it means you trust it and don't want the normal protections applied to it. With this in place, Secure Endpoint will not provide protection for the application as it normally would. The whitelist is applied per policy, so any endpoint assigned to that policy would have the whitelist applied. This is why I've stated from the start that it is not recommended to whitelist a 14-year-old, vulnerable application.

-Matt

Matthew Franks
Cisco Employee

I just want to add that the screenshot is showing the vulnerabilities, not block events. If it is being blocked on execution, a screenshot of the block event would provide more information on what engine is actually blocking the application.

-Matt

But it's not opening with the agent installed; if we remove the agent, Office 2010 works.

Matthew Franks
Cisco Employee

Understood. Are you seeing any block events? It might be best to open a TAC case to have someone help troubleshoot and apply the appropriate exclusions.

-Matt