Issue:
After creating a Real-time scanning > Excluded objects exclusion in the Elements Endpoint Protection profile for Elements EPP for Computers or EPP for Servers, the DeepGuard feature is still blocking an application when trying to run it. The file or folder is visible on the local App and file control list with the type Controlled by admin (real-time scanning).
Resolution:
The Excluded objects exclusion on the Elements Endpoint Protection profile's Real-time scanning settings page does not apply to DeepGuard. To exclude the file from DeepGuard, you can either exclude the path using the Exclude folders and files from all security scans list or create an SHA-1 exclusion from the DeepGuard settings.
Exclude folders and files from all security scans:
- Login to the Elements Endpoint Protection portal
- Go to the Profiles page
- Select the profile
- Go to the General settings > Exclude folders and files from all security scans section
- Click Add exclusion
- Add the folder or file path
- Click Save and Publish
DeepGuard SHA-1 exclusion:
- Login to the Elements Endpoint Protection portal
- Go to the Profiles page
- Select the profile
- Go to the Real-time scanning > DeepGuard section
- Click Add rule
- Enter the application SHA-1 hash
- Click Save and Publish
If issue persists, you can add both SHA-1 hash and file path/name exclusions.
Article no: 000010044