Endpoint Protection

Expand all | Collapse all

How to whitelist a file?

  • 1.  How to whitelist a file?

    Posted 8 days ago
    I thought this would be an easy task but apparently I'm missing something.
    So I have a client that is getting a stupid amount of false positives for only a few computers, and these happen to be ones running Acronis cyber protect (actually it's True Image, but apparently the folder structure is "cyber protect" oriented, which is their business product).
    I just want to whitelist this Acronis exe so I can shut this alerting up.  However, when you dig into the details via Alerts and the Investigate tab, it will allow me to whitelist the ":artifact", which in this case is a file called tmp000771d6, but that's useless as these tmp files change every time.  I need to whitelist to source of this, the c : \ program files \ acronis \ cyberprotect \ cyber-protect-service . exe file.  There appears to be no way to do this.  If I edit the policies I think related to this, they want a file path AND a file hash, but the interface here gives no file hash for the exe file, only the tmp files.

    Kind of a dumb situation and I feel I must be missing something really obvious.  Had no real problem figuring this stuff out in the old SEP Manager days but here in SES cloud console, it's a bit unintuitive.

    Humbly requesting a kick in the pants to help me out here :)


  • 2.  RE: How to whitelist a file?

    Broadcom Employee
    Posted 7 days ago
    Hi Mixit,

    You would do this in the Allow ( formerly called Whitelist) policy.

    Thanks,

    ------------------------------
    Jon Kaufman
    Strategic Support Engineer
    Broadcom
    ------------------------------



  • 3.  RE: How to whitelist a file?

    Posted 2 days ago
    I must have somehow just replied directly to Jon, but in any case, if one goes to Policies > Default WhiteList Policy (make sure not to get the SEP 14 one), you can do things directly there.  I had somehow ended up in a different page for editting policies, which would only allow me to upgrade a list file, and ont directly enter a file path.

    Here's some info for anyone needing to learn more:

    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Protection/adding-whitelist-policy-scan-exceptions-v120715667-d4155e23989.html