@import "/themes/withsecure/design/coveo/CoveoFullSearch.min.css"; @import "/themes/withsecure/design/headerfooter.css"; header .container, .top-header {display:flex; width: 100%;padding: 0;flex-direction: row;justify-content: space-between;} a#searchboxtoggle[data-toggle="collapse"] #displaysearch:before {content: "\f220";font-family: fsg-icon;font-size: 26px;color: #red;font-style:normal} a#searchboxtoggle[data-toggle="expand"] #displaysearch:before {content: "\f130";font-family: fsg-icon;font-size: 26px;color: #fff;font-style:normal} .header-searchbox {position: absolute;margin: 0;z-index: 30;width: 0;overflow: hidden;right: 30px;height: 53px; transition: .6s ease-in-out;} @media screen and (max-width: 370px){ .header-searchbox.expand {width: 300px;} } @media screen and (min-width:371px) and (max-width: 700px){ .header-searchbox.expand {width: 450px;} } @media screen and (min-width:701px) and (max-width: 991px){ .header-searchbox.expand {width: 450px;} } @media screen and (max-width: 991px){ a.Header-logo svg {margin-top:8px} .header-coveosearch { margin:auto;width: 60px;position: absolute;right: 0;height: 64px;} .header-searchbox {width: 0;overflow:hidden} .header-searchcontainer {position:absolute;margin:auto;top: 0;width: 60px;height: 62px;text-align: center;} .header-searchcontainer {padding-top: 6px;} .header-searchbox {position: absolute;margin: 0;z-index: 30;width: 0;overflow: hidden;right: 60px;top:0;height: 63px;} .bottom-header.display {width:100%} .searchPage .Hamburger {right:9px!important;left:unset!important} .searchPage .Hamburger-border {right:0!important;} } @media screen and (min-width: 992px){ header .row:nth-child(1) {position:absolute; top:0;height:52px} .bottom-header {margin-top:60px} .header-top-links {margin-left:auto} .header-searchcontainer {float:unset; margin:unset} .header-coveosearch {margin-top:8px;margin-right:30px;width: 10px;} .header-searchbox {top: -9px;} .header-searchbox.expand {width: 500px; min-height:200px} .searchboxtoggle {margin-top:0} .searchboxtoggle:hover {cursor:pointer} .searchboxtoggle:hover #displaysearch:before, .header-searchcontainer.expand .searchboxtoggle:hover #displaysearch:before {color: #c6ceff} .helpforum-dropdown:hover, .supportarticles-dropdown:hover {cursor: default;} .helpforum-dropdown a:hover {cursor: pointer;} .helpforum-dropdown a, .supportarticles-dropdown p {width: fit-content} .header-top-link.active::after, .header-top-link:hover::after {top:-5px} .helpforum-dropdown.active::after, .supportarticles-dropdown.active::after, .dropdowns > li:hover::after {top:7px} } @media screen and (min-width: 992px) and (orientation:landscape) { .top-header {width:98%;} } .btn { min-width: 100px; } .btn-inverse { color: #fff; border-color: #fff; background-color: #00000000; border-width: 1px; } .btn { display: inline-block; margin-bottom: 0; font-weight: 600; text-align: center; vertical-align: middle; touch-action: manipulation; cursor: pointer; background-image: none; border: 1px #00000000; line-height: .71; border-radius: 4px; -webkit-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; font-size: 14px; padding: 14px 15px; min-width: 114px; text-decoration: none; } .btn-lg, .btn { -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; } .btn { text-rendering: optimizeLegibility; -ms-font-feature-settings: "liga" 1,"kern" 1; font-feature-settings: "liga" 1,"kern" 1; font-variant-ligatures: normal; font-kerning: normal; } a { text-decoration: underline; } .cmp_footer { font-family: Archivo-Light; color: #bec3c8; font-size: 14px; font-weight: 300; line-height: 1.6em; letter-spacing: .03em; background-color: #001423; color: #fff; padding: 3em 0 2em 0; text-align: center; } @media (min-width: 992px) .cmp_footer__newsletter { grid-area: newsletter; margin-top: 2.5em; } .cmp_footer { font-family: Archivo; color: #bec3c8; font-size: 14px; font-weight: 300; line-height: 1.6em; letter-spacing: .03em; background-color: #001423; color: #fff; padding: 3em 0 2em 0; text-align: center; } .btn.btn-inverse.btn-outline { border: 1px solid #fff; }

Community

Support Articles WithSecure Elements Endpoint Protection

Elements Endpoint Protection - DataGuard feature blocks Windows processes and applications installed in the Windows Users or AppData folder

Issue:

When the DataGuard features Access control and Discover trusted applications automatically are enabled for Elements EPP for Computers or EPP for Servers, DataGuard blocks Windows processes and applications installed in the Windows Users, AppData or System32 folder.

Elements Endpoint Protection Portal device Security Events tab shows an alert with the Source as DataGuard and the Description "DataGuard has blocked an attempt to access"

Elements Agent Event History on the device shows "Application was blocked from accessing your files" and the Reason as Ransomware:AccessControl.

Resolution:

If the blocked application (OneDrive.exe, Firefox.exe, Chrome.exe, WhatsApp.exe etc.) is in the Windows Users or AppData directory, it is not by default a trusted application location and therefore it will be blocked if it tries to modify a file that is located in a protected path. You can view the currently trusted application paths from the Elements Endpoint Protection Portal:

Log in to the Elements Security Center
Click See more details in the Endpoint Protection section
Go to the Devices page
Click a device that has DataGuard enabled
In the Protection status tab, click on the DataGuard (Premium) section

This will show you the currently protected paths and the currently trusted application paths.

To not have DataGuard block an application, you can either:

Install the application to a trusted path, such as C:\Program Files (x86)\
Add the application path to the Manually added trusted applications and folders list

How to add the application path to the Manually added trusted applications and folders list.

Log in to the Elements Endpoint Protection Portal
Go to the Profiles page
Select the profile the device is using
Go to the DataGuard settings page
In the Access Control section, click Add path below Manually added trusted applications and folders
Add the full path of the application, example C:\Users\Username\Documents\exampleprogram\example.exe
Click Save and publish the profile

Note: You can use system environment variables when you want to create an exclusion for many users. The supported environment variables are: %USERPROFILE%, %HOMEDRIVE%, %HOMEPATH%, %APPDATA%, %ProgramFIles%, %ProgramFiles(x86)% %ProgramData%, %windir%, %SystemRoot%, %SystemDrive%

Example: %USERPROFILE%\AppData\Local\Mozilla Firefox\firefox.exe

If you need to find out more about the detection (detection path, target path etc.), you can view it from the Security events page:

Log in to the Elements Endpoint Protection Portal
Go to the Security events page from the menu on the left
Click on the double arrow on the left side of the detection

From the Security Events page you can also add the application to the Manually added trusted applications and folders list:

Log in to the Elements Endpoint Protection portal
Go to the Security Events page
Click on the Three dots on the right side of the DataGuard detection
Select Add the application to the Dataguard's trusted list
Click Save and publish

Article no: 000007003