09-09-2024 05:15 PM
You can manually or semi-automatically whitelist the alert using 1 of 2 different methods:
The semi-automatic method:
Go to Monitor->Logs->Threat and look at the threat logs. Hover over the ThreatID/Name of the signature you want to whitelist and click the small drop-down arrow that appears at the end of the name. It will give you an option for "Exception", which takes you to a screen to exempt that signature (exact screen depends on if it is an AV, Anti-Spyware, etc. signature). Add the exemption to the appropriate profiles and save/commit.
The manual method:
Go to Monitor->Logs->Threat and click details on a detected threat you want to whitelist. Note Threat ID number in the Details section. Determine if it is an AV, Anti-Spyware, etc. type signature. Go to the appropriate signature-type profile under Objects->SecurityProfiles->[signature-type] and select the profile for the whitelist. In the profile, select the Signature Exceptions tab and add the Threat ID number you noted earlier. (Note: In some profile types you need to click the "Show all signatures" checkbox and the filter/search by name/ID number to locate the signature, select it as an exception.)
