Hi @tlmarques, thanks for reaching us using the Live Community.
You need to create a Disable Prevention Rule.
Go to Settings - Exceptions Configuration - Disable Prevention Rules, create a new one, set the name and fill the parameters:
- Set the target properties, folder location and executable name, command line, or you can use the signer. Only one is enough.
- Module: try with the Local Analysis and check how it goes, if it is an in-house software it is probably "Unknown" for Wildfire and the agent tries to analyze it locally, consuming CPU and RAM to do it.
- Scope: select the applied profile to the Endpoints with the issue.
You can also go to Detecion Rules - IOC and add an IOC with the application path and/or executable hash (ni the "Type" field):
Let me know how it goes.
If this post solved your question, please mark it as the solution.
Hi @tlmarques, thanks for reaching us using the Live Community.
You need to create a Disable Prevention Rule.
Go to Settings - Exceptions Configuration - Disable Prevention Rules, create a new one, set the name and fill the parameters:
- Set the target properties, folder location and executable name, command line, or you can use the signer. Only one is enough.
- Module: try with the Local Analysis and check how it goes, if it is an in-house software it is probably "Unknown" for Wildfire and the agent tries to analyze it locally, consuming CPU and RAM to do it.
- Scope: select the applied profile to the Endpoints with the issue.
You can also go to Detecion Rules - IOC and add an IOC with the application path and/or executable hash (ni the "Type" field):
Let me know how it goes.
If this post solved your question, please mark it as the solution.
