Issue:
An application's network connectivity is blocked once a Connection Control session has been activated by the user visiting a banking website. How do you create a Connection Control exclusion for Elements EPP for Computers or EPP for Servers devices, so that the network connection is not blocked when Connection Control is active?
Resolution:
When Connection Control is active, processes other than the banking browser and its child processes are severely limited in connectivity:
- Signed non-banking processes can only connect to safe IPs. Unrated IPs are blocked.
- Unsigned processes are disconnected at the IP level.
If an application is being blocked by Connection Control, resolve the issue by making sure that the blocked application's binaries are digitally signed.
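To see which of the application's binaries are not signed, the following added PowerShell example (not part of the original article or the product) inventories Authenticode signature status in the application folder. The function name `Get-AppSignatureReport` is hypothetical, the folder is the article's example path, and treating every status other than `Valid` as needing review is an assumption, since the product's own signature check may differ.

```powershell
# Added example: inventory the Authenticode signature status of an
# application's binaries. Function name and path are illustrative assumptions.
function Get-AppSignatureReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,
        [string[]]$Extensions = @('.exe', '.dll')
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Path not found: $Path"
    }

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            # Assumption: only 'Valid' counts as signed in this report.
            # NotSigned, HashMismatch, NotTrusted etc. are flagged for review.
            $category = if ($sig.Status -eq 'Valid') { 'Signed' } else { 'NeedsReview' }
            [pscustomobject]@{
                File     = $_.FullName
                Status   = $sig.Status
                Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Category = $category
            }
        }
}

# Example folder path taken from the article; replace with the real install folder.
$report = Get-AppSignatureReport -Path 'C:\Program Files (x86)\Example\'

# Full inventory, then only the files that are not validly signed.
$report | Sort-Object Category, File | Format-Table -AutoSize -Wrap
$report | Where-Object Category -eq 'NeedsReview' | Select-Object -ExpandProperty File
```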
If you do not know exactly which file is being blocked by Elements Endpoint Protection Connection Control, you can view the detection on the Security Events page of the Elements Endpoint Protection Portal:
- Log in to the Elements Endpoint Protection Portal
- From the menu on the left, go to the Security events page
- Click on the filter icon on the right side of the page title
- Select as Filter: Source, and as Value: Connection control
From the results you can now easily view all Connection control events. Click on the double arrows on the left side of the detection to view more details.
As a workaround, you can exclude the application's executable or folder from all security features, so that it will not be blocked by Connection Control when it is active.
You can do this from the Elements Endpoint Protection Profile Editor:
- Log in to the Elements Endpoint Protection portal
- Go to the Profiles page
- Select the profile that is in use on your devices
- Go to the General settings page
- Scroll down to Exclude folders and files from all security scans and click Add exclusion
- Enter either the full path of the application or the path of the folder that contains it, for example:
  - Application path: C:\Program Files (x86)\Example\ExampleApplication.exe
  - Folder path: C:\Program Files (x86)\Example\
- Click Save and publish
Once the profile has been saved and published, it will be taken into use by the devices in 5-15 seconds.
If excluding the application's executable or folder from all security features is not an acceptable workaround, you need to whitelist the IP address using the following setting in the Profile Editor:
- Browsing Protection > Sites > Allowed sites
Article no: 000008273