How to create a DeepGuard exclusion for Elements Endpoint Protection?

Issue:

How to exclude a file, folder or application that is incorrectly blocked by Elements Endpoint Protection (EPP for Computers or EPP for Servers) DeepGuard feature?

Resolution:

If a file, that you are sure to be safe, is being blocked by DeepGuard, you can exclude a file or folder from all security measures by following these steps:

Log in to the Elements Security Center: https://elements.withsecure.com
Click the See more details link under the product category Endpoint Protection
Go to the Server Configuration > Profiles page
Choose the profile which the device is using
Go to the General settings page
Scroll down to the Exclude folders and files from all security scans section and click Add exclusion
In the Path field add the:
- Full path for the application if you want to exclude a specific application
- Folder path if you want to exclude a folder and its sub folders
Click Save and publish

Note that you can use wildcards when creating the exclusions. For example: C:\Users\*\AppData\Local\test\

This would exclude the AppData\Local\test\ folder and all its sub folders for all users.

If you want to locally on the device itself create the exclusion:

Open the Elements Agent user interface on the device
Go to Settings
Go to the Malware protection settings page
Click view quarantine (enter administrator username and password if needed)
Select the Excluded tab
Click Add new
Add the file path or folder path
Click OK

DeepGuard can also be excluded using the SHA-1 of the process:

Log in to the Elements Endpoint Protection portal
Go to the Events > Security events page
Click on the three dots on the right side of the DeepGuard detection
Select Exclude file by SHA1
- The file SHA1 is automatically added to the Exclude folders and files from all security scans list
Click Save and publish

The SHA-1 can also be added manually to the DeepGuard protection rules. Follow the steps below to manually add an SHA-1 exclusion in DeepGuard:

Log in to the Elements Endpoint Protection portal
Select the Profiles tab on the left
Select the profile you want to add the exclusion to
Select Real-time scanning on the left
Scroll down to DeepGuard protection rules
Click on Add rule
Fill in the SHA1-hash and a note about the application
Click Save and Publish

Note: If DeepGuard is blocking software that you see as trusted, it is recommended to report the file to WithSecure Labs for potential whitelisting.

Article no: 000007869