This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Exclude single .exe on single endpoint

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exclude single .exe on single endpoint

cemcga
L1 Bithead

‎01-11-2023 05:53 AM

Pretty simple need here....

 

Installing the latest version of WSUS Automated Maintenance from AJ Tek on our WSUS server and Cortex is blocking it with the description "Suspicious executable detected". How do I allow this to install? Is the best way to temporarily pause protection on the endpoint, install the software and then re-enable protection?

0 Likes Likes
6 REPLIES 6

PeteJacobCF
L3 Networker

‎01-11-2023 06:38 AM

I think can depend how your environment is setup. you potentially could use the "report verdict as incorrect" in the incident... or could whitelist the hash... now if your setup to not allow unsigned app and that is unsigned that would be different. sorry for being slightly vague but some of this depends on your environment. 

0 Likes Likes

mavraham
L3 Networker

‎01-11-2023 11:05 AM - edited ‎01-11-2023 11:05 AM

Hi @cemcga 

 

As suggested above, you can add files hashes to your allow list. Adding files to the block list or allow list takes precedence of any other policy rules that may have otherwise been applied to these files.

 

In order to add file hashes to your allow-lists:

  1. Go to Incident Response → Response → Action Center → + New Action.
  2. Select Add to Allow List.
  3. Enter the SHA-256 hash of the file.


 You can read more about managing file execution here.

If this helped, please click Accept as Solution!



0 Likes Likes

cemcga
L1 Bithead
In response to mavraham

‎01-12-2023 07:27 AM

Thanks for this. To make sure I understand, this would allow the file to be executed on any endpoint, not just the one server, correct?

0 Likes Likes

mavraham
L3 Networker
In response to cemcga

‎01-12-2023 07:41 AM

Yes, you are correct. 

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks