Note: If you detect or remove a file before an exclusion or override is in place, you will need to uninstall then reinstall or ensure that the detected files are restored from quarantine. If the files are still located locally in the quarantine or block/allow tab, the exclusion does not work.
To create a whitelist override:
1. Log in to your Endpoint Protection console.
The Endpoint Protection console displays, with the Status tab active.
2. Click the Overrides tab.
3. The system displays the Overrides panel, with the Whitelist tab active.
4. Click the Create button.
The system displays the Create override window.
5. In the Override Name field, enter a name for the override.
6. Do one of the following:
- If you're done, click the Save button.
- To create a Folder/File override, continue with this procedure.
7. In the New Whitelist Entry window, select the Path/File radio button.
The system displays the Create override window with the relevant fields.
8. Use the information in the following table to populate the fields.
Enter a name for the override.
You have already selected the Path/File radio button.
Target a file or group of files by specifying a file mask with optional wildcards, for example, *.exe to target all executable files in the selected folder. This will default to all files in the selected folder/path if not specified.
The folder to target with the override. You can specify an absolute path, for example,
or a system variable with optional path, for example,
Default supported environment variables are displayed when you type % (percent)however you may choose to use any variable you have setup on the target machine with the exception of user variables which are not supported. You may not use %temp% for example as this refers to a specific users temp directory (‘username/temp/’). Wildcards are not supported.
Select this checkbox to apply the override to all sub-folders within this folder.
Detect if Malicious
If this setting is enabled Webroot will continue to protect the user against threats originating from the selected file/folder whitelist override but will disable monitoring and journaling. This is primarily used to improve performance when monitoring and journaling is being applied to a large number of files with an unknown determination. Disabling this setting will provide a true whitelisting, allowing files to run without Webroot protection.
Global (GSM) Override
Selecting this will make the Override global for every site under the current GSM Console.
Apply to Policy
Do either of the following:
- Select Yes to apply the Override to a specific policy, global policies included.
- Select No to apply to all policies on the selected site.
9. When you're done, click the Save button.
Path/Folder Mask = The folder to target with the override. You can specify an absolute path, for example, ‘x:myfolder’ or a system variable with optional path, for example, ‘%SystemDrive%myfolder’
Does one need the at the end of the path, or not? Is there a best practice?
Does the path/folder mask also support wildcards?
I recommend putting up a KB article to troubleshoot reasons why whitelisting might not be working; I'd also look into whether the whitelist process always works properly.