File, extensions, Folder Path Exclusions tutorial please


Hi guys,
I am looking for resources on making exclusions for files, extensions, and folder paths please. We are implementing Global Shop Solutions here at work and they are requesting some exclusions/whitelisting.
 
Thanks!

8 replies

Anyone out there? :)
Hey There, Just look at the Help Topic in your GSM Console :)
 
This is a Direct Link to the Whitelist Overrides Topic: Creating Whitelist Overrides
 
Hope this helps 🙂, Stefan
Thanks for that link! Sorry, I'm a little new to this thing!
Also, if I don't apply it to a specific policy, will it apply to all endpoints?
No need for a sorry, everyone's starting sometime :)
 
Global GSM Overrides only trigger if the site has "Include Global Policy" enabled. On the right side of the Site list there is a "manage" button, from there go to "endpoint protection" and tick "include global policys".
 
If you want to make an override just for one site, click on the site name->overrides->add your override. From there you are able to backlink it to the whole GSM or just use it for the site you have selected.
 
Most of the time we do it that way:
 
a) Customer A has a specific Software which needs some whitelists
Log in to GSM, select the customer's site, go to Overrides -> Create an Override and don't tick "General GSM Policy". You can select "use with policy" and select a policy (maybe you have something like "special policy" for a specific client group).
 
b) All customers have the same software, so we create it globally (only if we need to; most of the time you don't need whitelisting of applications, Webroot does its job really well!)
 
Hope this helps :)
 
Greets, Stefan
 
 
 
Hmmm,
I don't seem to have the option to show Global Policies. Perhaps I am not elevated to that level. So I went ahead and made a new policy and started assigning exceptions to it.
 
Why can't I change the policy that an override is assigned to if I didn't assign one to it in the first place?
What happens to the overrides that don't have policies assigned? Do they do anything?
If need be, why can't I assign overrides to multiple policies?
Hi @CharlesIsWorking, I would recommend that you contact our support team, as they can fully answer all of your questions. 
Ok I put in a ticket with the support system. We shall see what they say.
@CharlesIsWorking a little late to this discussion, but I can offer some assistance if you've not gotten all of your questions answered.

1) Overrides for everything is not necessary as we have a large data set within our threat intelligence that covers both known good files as well as bad files. So, instead of making an override in anticipation of the agent causing an issue, we highly recommend you review the "undetermined report" in the site console. Reports tab - Undetermined software by endpoint. This will display a list of items on a given endpoint that our data has no reference. If the software you referenced above is not listed, then we know about it and will not interfere.

2) Managing overrides. You do not need to assign overrides to a policy. This is for specific granular needs and is rarely needed. However, all overrides are applied to all endpoints across an entire site and all endpoints managed from that site will get the override applied.

3) Helpful tip for managing overrides. In the overrides tab on any given site, mouse over the column headers and on the right of each title is a little down arrow. Select that arrow and enable the "Determinations" column. This will display what our database knows about this file. If you've made an override and that column displays "Good" then you can delete it as it's redundant. If it's "Undetermined" then you're good to go. Keep in mind as our ML and AI process more of these types of files, that determination could switch from Undetermined to Good and you can remove it.

4) You can also turn on the "Policy" column to see which overrides are tied directly to a policy. I would remake those without assignment to a policy, as once that override is listed without being tied to a policy, all computers will reference it.

5) Lastly, you can submit any file MD5 or a list of files to our support team and they will get our threat teams to whitelist or build a central rule in our central system eliminating the need for you to make lots of overrides for large solutions with lots of DLLs and EXEs.

Hope this helps.
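
Point 5 in the reply above mentions sending support an MD5 or a list of files for a large solution with many DLLs and EXEs. The script below is an added example, not part of the thread and not a Webroot tool, showing one way to build such a list from an install folder; the extension set, the CSV layout and the function names are assumptions, and support may ask for a different format.

```python
import csv
import hashlib
import io
import sys
from pathlib import Path

# Assumption: only executables and libraries are worth listing.
EXTENSIONS = {".exe", ".dll"}

def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.md5()  # MD5 only because it is the identifier the reply asks for
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_inventory(root, extensions=EXTENSIONS):
    """Return ({md5: [relative paths]}, [unreadable paths]) for files under root."""
    root = Path(root)
    inventory, skipped = {}, []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in extensions:
            continue
        rel = path.relative_to(root).as_posix()
        try:
            inventory.setdefault(md5_of(path), []).append(rel)
        except OSError:
            skipped.append(rel)  # locked or permission-denied: report, do not guess
    return inventory, skipped

def to_csv(inventory):
    """One row per unique hash, so identical copies are submitted once."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["md5", "copies", "paths"])
    for digest, paths in sorted(inventory.items()):
        writer.writerow([digest, len(paths), ";".join(paths)])
    return out.getvalue()

if __name__ == "__main__":
    found, unreadable = build_inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(to_csv(found), end="")
    for rel in unreadable:
        print(f"skipped (unreadable): {rel}", file=sys.stderr)
```

Run it against the application's install directory and compare the resulting hashes with the "Undetermined software by endpoint" report before submitting, since files the database already knows as good need no override.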
