Access to process was blocked
Brand new F-Secure admins here (switched from Trend WFBS) so this is a stupid question I hope. We keep seeing the following alerts:
Security alert: Access to process was blocked.
From: COMPUTER, 2021-01-12 09:26:08 -05:00
Details: Access to process was blocked. Application path: C:\Windows\SysWOW64\OneDriveSetup.exe Path: C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe
The first debate we had internally was does that mean F-Secure was blocked from that process OR that process was blocked via F-Secure?
We don't use OneDrive and have it (apparently not well enough) beaten into a corner and shouldn't be running...but this is also confusing with what's triggering what.
MonikaL Posts: 207 Former WithSecure Employee
This is usually an alert prompted by DataGuard. This means the application was blocked by F-Secure. If the blocked application (for example, OneDrive, Firefox etc.) is in the Windows Users or AppData directory, it is not by default a trusted application location and therefore it will be blocked if it tries to access a file that is located in a protected location.
If the setting Discover trusted applications automatically is enabled, only applications that are installed under the 'default trusted locations' or utilizing 'default trusted processes' will be allowed to make changes to DataGuard Monitored folders automatically.
How to add the application to the DataGuard Trusted applications list:
1. Log in to the Policy Manager Console
2. Select a host or policy domain from the Domain Tree
3. Go to the Settings tab
4. Go to the DataGuard settings page
5. Scroll down to the Trusted applications table and click Add
6. Write the full application path to the Applications field
7. Distribute the policy (Ctrl + D).
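For triaging a batch of these alerts before adding anything to the Trusted applications table, here is an added example (not from the thread and not F-Secure code) that parses the alert layout quoted in the question and groups alerts by blocked application. It assumes every alert follows that layout; the Users/AppData check is a simple heuristic based on the reply above, not the product's actual trusted-location list, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Layout of the alert quoted in the question. \s+ lets the fields sit on one
# line (as pasted in the thread) or on separate lines.
ALERT_RE = re.compile(
    r"From:\s*(?P<host>[^,\n]+),\s*(?P<when>[^\n]+?)\s*\n"
    r"Details:\s*Access to process was blocked\.\s+"
    r"Application path:\s*(?P<app>.+?)\s+Path:\s*(?P<target>[^\n]+)"
)

def parse_alerts(text):
    """Return one dict per alert: host, when, app (blocked), target (accessed)."""
    return [{k: v.strip() for k, v in m.groupdict().items()}
            for m in ALERT_RE.finditer(text)]

def in_user_location(path):
    """Heuristic (assumption): path has a Users or AppData directory component."""
    dirs = [p.lower() for p in PureWindowsPath(path).parts[1:-1]]
    return "users" in dirs or "appdata" in dirs

def summarize(alerts):
    """Group by blocked application so each path is reviewed once."""
    groups = defaultdict(lambda: {"count": 0, "hosts": set(), "targets": set()})
    for a in alerts:
        g = groups[a["app"].lower()]      # Windows paths are case-insensitive
        g.setdefault("app", a["app"])     # keep the first spelling seen
        g["count"] += 1
        g["hosts"].add(a["host"])
        g["targets"].add(a["target"])
    rows = [dict(g, user_location=in_user_location(g["app"])) for g in groups.values()]
    return sorted(rows, key=lambda r: -r["count"])

# First alert is the one from the thread; the other two are constructed samples.
SAMPLE = r"""Security alert: Access to process was blocked.
From: COMPUTER, 2021-01-12 09:26:08 -05:00
Details: Access to process was blocked. Application path: C:\Windows\SysWOW64\OneDriveSetup.exe Path: C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe
Security alert: Access to process was blocked.
From: HOST-A, 2021-01-12 10:02:41 -05:00
Details: Access to process was blocked. Application path: C:\Users\alice\AppData\Local\ExampleApp\example.exe Path: C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe
Security alert: Access to process was blocked.
From: HOST-B, 2021-01-12 10:15:03 -05:00
Details: Access to process was blocked. Application path: c:\windows\syswow64\OneDriveSetup.exe Path: C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe
"""

if __name__ == "__main__":
    for row in summarize(parse_alerts(SAMPLE)):
        where = "Users/AppData" if row["user_location"] else "other location"
        print(f'{row["count"]:>3}  {row["app"]}  [{where}]  hosts={sorted(row["hosts"])}')
```

Blocked applications that do not sit under Users or AppData, like the OneDriveSetup.exe path in the question, are not covered by the explanation in the reply and are worth reviewing individually before being trusted.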