As the title says, I am having problems excluding a custom application from being scanned. I have added the file path with a wild card (*) as well as the .exe file location (just for testing) without success. Once the application is installed it is scanned and some components deleted. the install location is under "Users" and not Program Files. I am starting to think that it is installing some files elsewhere as well.
C:\Users\*\Mapis Data Input Tool
Any ideas what might be going wrong? is my syntax incorrect for the exclusion? or perhaps I should be placing this under Path instead of Wildcard?
The exclusion looks like a valid wildcard. Be sure that your endpoint policy has actually updated and has the exclusion you have added to your list (you can check this under the settings in the UI).
If you have any detection events you will want to compare those against you exclusion to be sure that multiple paths aren't in use.
For application whitelisting, it will be better if you define under Outbreak Control > Application Control - Whitelisting. Upload the application file into the Cloud Console or you may add the SHA-256 value manually for file exclusion.
Thank you for your replies and suggestions. I wont be able to test any of this until Monday, but will get back to you then with an update.
I tried adding the SHA value under application control whitelisting but did not work. what happens is that I install the program via a .exe file and then once installed and I try to run it, it gets blocked.
I hope to get some more time tomorrow to test possible solutions.
I have not yet had time to check the detection events. I have however added the two sha values that were shown as blocked to whitelist. without any success.
I have been swamped with other cases which have taken priority over this so I will be coming back to this once the load lightens.