GoToMeeting Whitelist

cancel
Showing results for 
Search instead for 
Did you mean: 

GoToMeeting Whitelist

L0 Member

Does anyone know how to whitelist the GoToMeeting download?

 

It is an EXE but the client agent blocks it.  When I attempt to whitelist it, EVERY SINGLE download is a different hash value making it impossible to whitelist.

 

Thanks for any suggestions.

5 REPLIES 5

L1 Bithead

Can you please post the alert details?

You can actually make an exception based on the filename, signer or various other methods etc.. under the Invetigation tab > Exclusions.

ks

L4 Transporter

Hi BillStrahan,

 

It would be beneficial to post the "alert source" and "alert name" values observed when executing the GoToMeeting file. Adding to the allow list, as instructed here, would only work if the "Alert Source = 'XDR Agent'" and the "Alert Name contained 'malware.'"  Other alert sources and names have different instructions for creating exceptions to permit a file to run. For example, an alert with "Alert Source = 'XDR Agent'" and the "Alert Name = 'Behavioral Threat,'" would need a BTP exception rather than a whitelist to permit execution.

 

More information about the different ways to make exceptions can be found here: Add a New Exceptions Security Profile.

 

Please let us know your findings.

 

PS. Given that the hash changes frequently, there are two other ways to permit the GoToMeeting file to run if it is being categorized as malware, and that is by adding the signer to the Allow List Signers ('Malware Security Profile' > 'Allow List Signers,') or to a Files/Folders allow list ( 'Malware Security Profile' > 'Files/Folders in Allow List.')

--gjenkins

L4 Transporter

Hi @BillStrahan -

 

For this very "installer," the Trusted Publisher feature was introduced over 4 years ago.  The Trusted Publisher feature should allow the installer to run.  I recommend contacting Support if you are seeing blocks tied to the GTM installer.  


David Falcon 
Solutions Architect, Cortex
Palo Alto Networks® 

Our prior AV solution began having fits with Goto products about a year ago.  As paying customers we begged the LogMeIn vendor to stop changing the hash of the file each time it was downloaded to no avail.  We were forced to place the vendors certificate on the allow list since this crippled the organization.  We have not run into any issues with the Goto products with Cortex XDR Prevent 7.1.3 on Windows (don't do Mac/Linux).

L4 Transporter

Hi @BillStrahan

 

Were you able to successfully add the GoToMeeting executable to the allow list using any previous suggestions?

--gjenkins
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!