Issue:
How to create a Real-Time Scanning or DeepGuard exclusion for a file or folder for Elements Endpoint Protection (EPP for Computers or EPP for Servers) when the SHA-1 of the application changes with each update?
Resolution:
You can exclude a file or folder from all security measures by following these steps:
- Log in to the Elements Security Center: https://elements.withsecure.com
- Click the See more details link under the product category Endpoint Protection
- Go to the Profiles page
- Choose the profile which the device is using
- Go to the General settings page
- Scroll down to the Exclude folders and files from all security scans section and click Add exclusion
- In the Path field add the:
- Full path for the application if you want to exclude a specific application
- Folder path if you want to exclude a folder and its sub folders
- Click Save and publish
Note that you can use wildcards when creating the exclusions:
For example: C:\Users\*\AppData\Local\test\
This would exclude the AppData\Local\test\ folder and all its sub folders for all users.
If you want to locally on the device itself create the exclusion:
- Open the Elements Agent user interface on the device
- Go to Settings
- Go to the Malware protection settings page
- Click view quarantine (enter administrator username and password if needed)
- Select the Excluded tab
- Click Add new
- Add the file path or folder path
- Click OK
DeepGuard can also be excluded using the SHA-1 of the process:
- Log in to the Elements Endpoint Protection portal
- Go to the Security events page
- Click on the three dots on the right side of the DeepGuard detection
- Select Exclude file by SHA1
- The file SHA1 is automatically added to the Exclude folders and files from all security scans list
- Click Save and publish
Article no: 000007319