Issue:
Elements Endpoint Protection (EPP for Computers or EPP for Servers) Application Control rule "Block rare and unknown files in Temp folder" or "Block rare and unknown files in Downloads folder" blocks an application from running. How to create an Application Control exclusion to allow the application to run?
Resolution:
The Application Control exclusion can be created using several different conditions. To view the details of the application or file which was blocked:
- Log in to the Elements Endpoint Protection Portal
- Select the Security events page from the menu on the left
- Click on the double arrows on the left of the detection to view the details
From here you can easily copy for example the Target product name and Target signature signer name.
Once you have the details of the blocked file, you can create an Application Control exclusion:
- Go to the Profiles page
- Select the profile you want to edit
- Go to the Application Control settings
- Click Add a new top rule
- Select Application start and module load from Event drop-down menu and Allow from Event drop-down menu
- Add a condition: Target signer name > is equal to > Target signature signer name (copied from the Security events details)
- Click Save and publish
In step 6. you can also use any other condition that suit your needs, you do not have to use Target signer name. Target product name, target file name and target company are other conditions that could be used in this situation. All of which can be found from the block detection found on the Security events page.
Make sure the Allow rule is above the block rules in the table, since exclusion rules in the table are applied in priority order: first rule first.
For a more detailed description of Application Control exclusion rules, you can read through this Help Guide page.
Article no: 000027741