Endpoint Protection

Expand all | Collapse all

Whitelist exe that will potentially be blocked by new IPS policy

  • 1.  Whitelist exe that will potentially be blocked by new IPS policy

    Posted 01-13-2020 11:37 AM

    Hello, please let me start off by stating if this is not the correct forum or if this has been asked and answered before, I do apologize, and I will try to dig in more and find the answers. 

     

    I am new to SEP and I am looking for some answers on how to whitelist files/traffic/apps that would be flagged by an IPS policy. 

    What we are doing is enabling IPS on our remaining Server 2008 environment and what I have done so far is created our groups based on server function and enabled the IPS in an audit only mode to see what it will pickup and block when we remove that check. What I am looking for is how I actually whitelist the files that are being flagged as "malicious". I was really hoping for a simple right-click and whitelist option from either the SEPM or the endpoint and I am not seeing one. So all of that said, I am really hoping that someone in this community might be able to share some advice or best practices on how this should be done. 



  • 2.  RE: Whitelist exe that will potentially be blocked by new IPS policy

    Posted 01-15-2020 11:01 AM

    Tried this, once detected you will go to exceptions and add that signature to allow

    Creating exceptions for IPS signatures

    https://support.symantec.com/us/en/article.howto80883.html



  • 3.  RE: Whitelist exe that will potentially be blocked by new IPS policy

    Posted 01-15-2020 06:35 PM

    Rafeeq's option will allow all detections under that signature, which is only recomended by Symantec as a last resort.  
    IPS will honor firewall rules. If a firewall rule is added, it will allow the traffic. 

    Otherwise if you are seeing the detection in a common computer such as a development PC or network scanner, you can add the IP to a list of excluded host using the following instructions: https://support.symantec.com/us/en/article.HOWTO81159.html