Issue:
- DeepGuard blocks the application. This was determined to be a high-risk application by system control heuristics.
- After the file SHA-1 hash and file path is excluded in WithSecureClient Security 13.x/14.x/15.x, Deepguard continues to block the application
Resolution:
You can exclude the network drivers from being scanned, by doing the following:
- Log in to Policy Manager Console
- Click on the Settings tab
- Click on Advanced View
- Navigate to F-Secure DeepGuard
- Click Settings
- Click Excluded applications and enter the exclusion in UNC format, E.g. '\\servername\share\folder\to\the\app.exe'
If this location is also mapped to a drive letter (N:\), you would need to add another exclusion must in the mapped format:
e.g. N:\folder\to\the\app.exe
Both formats are needed, as mapped network drives are user-specific, settings and DeepGuard can't automatically do the user based drive letter mapping. Folder based exclusions on network drives are also supported.
Refer to the screenshot below when creating the exclusions:
7. Distribute the policy
Note:
- If you are using WithSecure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for DeepGuard.
- You can also define exclusion with wildcard e.g. if the path is N:\folder\to\the\app.exe and N: has odd mapping then you can always make exclusion like *\the\app.exe
- F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP.
- If you are using Policy Manager Version 14.xx. This setting has been replaced by Files and applications excluded from scanning, which applies to Client Security 13.x and above hosts. Your existing trusted applications have been moved to the new setting.
Article no: 000004819
