
Access to process was blocked

dubinl Posts: 1 Security Scout

Brand new F-Secure admins here (switched from Trend WFBS) so this is a stupid question I hope. We keep seeing the following alerts:

Security alert: Access to process was blocked.

From: COMPUTER, 2021-01-12 09:26:08 -05:00

Details: Access to process was blocked. Application path: C:\Windows\SysWOW64\OneDriveSetup.exe Path: C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe 


The first debate we had internally was: does that mean F-Secure was blocked from that process OR that process was blocked via F-Secure?

We don't use OneDrive and have it (apparently not well enough) beaten into a corner, and it shouldn't be running...but this is also confusing with what's triggering what.

Best Answer

  • MonikaL
    MonikaL Posts: 205 W/ Former Staff
    edited January 2021 Solved

    Hi,

    This is usually an alert prompted by Dataguard. This means the application was blocked by F-Secure. If the blocked application (for example, OneDrive, Firefox etc.) is in the Windows Users or AppData directory, it is not by default a trusted application location and therefore it will be blocked if it tries to access a file that is located in a protected location. 

    If the setting Discover trusted applications automatically is enabled, only applications that are installed under the 'default trusted locations' or utilizing 'default trusted processes' will be allowed to make changes to DataGuard Monitored folders automatically.


    How to add the application to the DataGuard Trusted applications list:

    1. Log in to the Policy Manager Console
    2. Select a host or policy domain from the Domain Tree
    3. Go to the Settings tab
    4. Go to the DataGuard settings page
    5. Scroll down to the Trusted applications table and click Add
    6. Write the full application path to the Applications field
    7. Distribute the policy (Ctrl + D).
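
Before adding anything to the Trusted applications list, it helps to see which applications the alerts actually name and where they live. The following is an added example, not part of the original posts and not F-Secure code: it parses alert text in the layout quoted in the question (that layout is assumed from the single alert shown there), counts alerts per "Application path", and marks paths under the Users or AppData directories that the answer describes as not trusted by default. The second alert and all function names are constructed for illustration.

```python
import re
from collections import Counter
from ntpath import normpath  # Windows path rules, usable on any OS

# Constructed sample: the first alert is the one quoted in the question; the
# second is made up for illustration (host, time and paths are hypothetical).
SAMPLE = r"""
Security alert: Access to process was blocked.
From: COMPUTER, 2021-01-12 09:26:08 -05:00
Details: Access to process was blocked. Application path: C:\Windows\SysWOW64\OneDriveSetup.exe Path: C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe

Security alert: Access to process was blocked.
From: LAPTOP-EXAMPLE, 2021-01-12 10:02:41 -05:00
Details: Access to process was blocked. Application path: C:\Users\alice\AppData\Local\Example\updater.exe Path: C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe
"""

# Field labels are taken from the quoted alert; whitespace between fields may
# be spaces or line breaks, so both the one-line and multi-line forms parse.
ALERT_RE = re.compile(
    r"From:\s*(?P<host>[^,\n]+),\s*(?P<time>[^\n]+?)\s*\n+"
    r"\s*Details:\s*(?P<event>.+?)\s+Application path:\s*(?P<app>.+?)"
    r"\s+Path:\s*(?P<path>[^\n]+?)\s*(?:\n|$)"
)

def parse_alerts(text):
    """Return one dict per alert: host, time, event, app, path."""
    return [m.groupdict() for m in ALERT_RE.finditer(text)]

def in_user_profile(app_path):
    """True if the path resolves under <drive>:\\Users or has an AppData segment."""
    p = normpath(app_path).lower()  # collapses '..' and mixed slashes first
    return bool(re.match(r"^[a-z]:\\users\\", p)) or "\\appdata\\" in p

def review_queue(text):
    """(application path, alert count, in Users/AppData) sorted by count."""
    counts = Counter(a["app"] for a in parse_alerts(text))
    return [(app, n, in_user_profile(app)) for app, n in counts.most_common()]

if __name__ == "__main__":
    for app, n, user_dir in review_queue(SAMPLE):
        # The flag only matches the answer's description of the default;
        # whether a binary should be trusted still needs a manual check.
        note = "Users/AppData location" if user_dir else "outside Users/AppData"
        print(f"{n:3d}  {app}  [{note}]")
```
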

This discussion has been closed.
