EDR: How to configure Allow Application.

Overview

Software detects threats that are previously unknown. However, it may sometimes identify an application as a threat, even though you know that it’s safe. When this happens, you can “allow” the application. Think carefully before you allow applications because it reduces your protection.

Note:

  • This allows the application for all computers and users.
  • This allows the application to start, but we’ll still check it for threats, exploits and malicious behavior when it’s running.

How to configure

1.Configure Allow Application

Step 1: Go to the Computers or Servers page, depending on where the application was detected.

Step 2: Find the computer where the detection happened and click on it to view its details.

Step 3: On the Events tab, find the detection event and click Details.

Step 4: In the Event details dialog, look under Allow this application.

Select the method of allowing the application:

  • SHA-256: This allows this version of the application. However, if the application is updated, it could be detected again.
  • Path: This allows the application as long as it’s installed in the path (location) shown. You can edit the path (now or later) and you can use variables if the application is installed in different locations on different computers.

Click Allow.

2. How to exclude applications from CryptoGuard

Step 1: Click Details on the alert.

Step 2: In the Event Details you should see the Application name and details as well as the detection type.  You’ll also see the Detection ID which is a unique identifier for this detection:

Step 3: Tick Exclude this Detection ID from checking and click Exclude.

Your application will be excluded from CryptoGuard.

3. Remove Allow Application.

Step 1: Go to Settings > Allow Application.

Step 2: Select the application and click Remove.

Step 3: Click Confirm.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.