I am looking for resources on making exclusions for files, extensions, and folder paths please. We are implementing Global Shop Solutions here at work and they are requesting some exclusions/whitelisting.
1) Overrides for everything are not necessary as we have a large data set within our threat intelligence that covers both known good files as well as bad files. So, instead of making an override in anticipation of the agent causing an issue, we highly recommend you review the "undetermined report" in the site console. Reports tab - Undetermined software by endpoint. This will display a list of items on a given endpoint that our data has no reference for. If the software you referenced above is not listed, then we know about it and will not interfere.
2) Managing overrides. You do not need to assign overrides to a policy. This is for specific granular needs and is rarely needed. However, all overrides are applied to all endpoints across an entire site and all endpoints managed from that site will get the override applied.
3) Helpful tip for managing overrides. In the overrides tab on any given site, mouse over the column headers and on the right of each title is a little down arrow. Select that arrow and enable the "Determinations" column. This will display what our database knows about this file. If you've made an override and that column displays "Good" then you can delete it as it's redundant. If it's "Undetermined" then you're good to go. Keep in mind as our ML and AI process more of these types of files, that determination could switch from Undetermined to Good and you can remove it.
4) You can also turn on the "Policy" column to see which overrides are tied directly to a policy. I would remake those without assignment to a policy, as once that override is listed without being tied to a policy, all computers will reference it.
5) Lastly, you can submit any file MD5 or a list of files to our support team and they will get our threat teams to whitelist or build a central rule in our central system eliminating the need for you to make lots of overrides for large solutions with lots of DLLs and EXEs.
Hope this helps.
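For step 5 above, a sketch of how the MD5 list for a large install folder could be built before sending it to support. This is an added example, not code from Webroot or Global Shop Solutions; the extension set, the CSV columns and the folder passed on the command line are assumptions.

```python
import csv
import hashlib
import os
import sys

# Assumption: executables and libraries are the file types worth submitting.
EXTENSIONS = {".exe", ".dll"}


def md5_of(path, chunk_size=1 << 20):
    """Hex MD5 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(root, extensions=EXTENSIONS):
    """Return (rows, skipped): one row per unique MD5, plus unreadable paths."""
    by_hash, skipped = {}, []
    for folder, dirs, files in os.walk(root):
        dirs.sort()  # deterministic walk order
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in extensions:
                continue
            path = os.path.join(folder, name)
            try:
                value = md5_of(path)
            except OSError:  # locked by a running process, or access denied
                skipped.append(path)
                continue
            row = by_hash.setdefault(value, {"md5": value, "path": path, "copies": 0})
            row["copies"] += 1  # identical DLLs shipped in several folders
    return list(by_hash.values()), skipped


def write_csv(rows, stream):
    writer = csv.DictWriter(stream, ["md5", "path", "copies"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)


if __name__ == "__main__":
    # Usage: python md5_inventory.py "C:\path\to\install\folder" > hashes.csv
    rows, skipped = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    write_csv(rows, sys.stdout)
    for path in skipped:
        print("skipped:", path, file=sys.stderr)
```

Files reported as skipped were not hashed, so they are missing from the list and need a second pass once they are readable.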
Global GSM Overrides only trigger if the site has "Include Global Policy" enabled. On the right side of the Site list there is a "manage" button, from there go to "endpoint protection" and tick "include global policys".
If you want to make an override just for one site, click on the site name->overrides->add your override. From there you are able to backlink it to the whole GSM or just use it for the site you have selected.
Most of the time we do it that way:
a) Customer A has a specific Software which needs some whitelists
Log in to GSM, select the customer's site, go to Overrides -> Create an Override and don't tick "General GSM Policy". You can select "use with policy" and select a policy (maybe you have something like "special policy" for a specific client group).
b) All customers have the same software, so we create it globally (only if we need to; most of the time you don't need whitelisting of applications, Webroot does its job really well!)
Hope this helps :)
This is a Direct Link to the Whitelist Overrides Topic: Creating Whitelist Overrides
Hope this helps 🙂, Stefan
Would be nice to see Webroot recommendation on how to make sure Webroot is not interfering with Global Shop App.
%Temp% is an environment variable that represents a temporary folder specific to the Windows user profile currently logged into the system. Most often C:\Users\CURRENT_USER\AppData\Local\Temp (where CURRENT_USER represents the currently logged in user)
Exclusions by path or folder:
Exclusions by File Extension:
Exclusions by Program:
Also, if I don't apply it to a specific policy, will it apply to all endpoints?
I don't seem to have the option to show Global Policies. Perhaps I am not elevated to that level. So I went ahead and made a new policy and started assigning exceptions to it.
Why can't I change the policy that an override is assigned to if I didn't assign one to it in the first place?
What happens to the overrides that don't have policies assigned? Do they do anything?
If need be, why can't I assign overrides to multiple policies?