Product Announcements & Troubleshooting Extended Detection and Response Endpoint Protection

How to configure Device control where all of USB devices are blocked unless white-listed by its hardware ID.
Unable to change settings in an Elements Endpoint Protection profile in the portal due to the save and publish button being greyed out
How to grant Elements Administration - Identity and Access Management role?
Elements Connector unable to forward logs with error "Message too long"
Can Elements EPP for Computer firewall rules for Network Isolation firewall profile be used to allow remote access to the device?
How can I configure Elements Endpoint Protection for Computers to scan on computer startup or reboot?
Does Elements Endpoint Protection support non-persistent VDI environments?
Why is the Software Updater status missing for Elements Agents on Mac in the Elements EPP portal?
Adding allowed or denied sites for Elements Endpoint Protection via the the Portal profile editor does not work
Blocking Android and Apple Device Storage Access with Device Control

How to create a DeepGuard exclusion for Elements Endpoint Protection?

Issue:

How to exclude a file, folder or application that is incorrectly blocked by Elements Endpoint Protection (EPP for Computers or EPP for Servers) DeepGuard feature?

Resolution:

If a file, that you are sure to be safe, is being blocked by DeepGuard, you can exclude a file or folder from all security measures by following these steps:

Log in to the Elements Security Center: https://elements.withsecure.com
Click the See more details link under the product category Endpoint Protection
Go to the Server Configuration > Profiles page
Choose the profile which the device is using
Go to the General settings page
Scroll down to the Exclude folders and files from all security scans section and click Add exclusion
In the Path field add the:
- Full path for the application if you want to exclude a specific application
- Folder path if you want to exclude a folder and its sub folders
Click Save and publish

Note that you can use wildcards when creating the exclusions. For example: C:\Users\*\AppData\Local\test\

This would exclude the AppData\Local\test\ folder and all its sub folders for all users.

If you want to locally on the device itself create the exclusion:

Open the Elements Agent user interface on the device
Go to Settings
Go to the Malware protection settings page
Click view quarantine (enter administrator username and password if needed)
Select the Excluded tab
Click Add new
Add the file path or folder path
Click OK

DeepGuard can also be excluded using the SHA-1 of the process:

Log in to the Elements Endpoint Protection portal
Go to the Events > Security events page
Click on the three dots on the right side of the DeepGuard detection
Select Exclude file by SHA1
- The file SHA1 is automatically added to the Exclude folders and files from all security scans list
Click Save and publish

The SHA-1 can also be added manually to the DeepGuard protection rules. Follow the steps below to manually add an SHA-1 exclusion in DeepGuard:

Log in to the Elements Endpoint Protection portal
Select the Profiles tab on the left
Select the profile you want to add the exclusion to
Select Real-time scanning on the left
Scroll down to DeepGuard protection rules
Click on Add rule
Fill in the SHA1-hash and a note about the application
Click Save and Publish

Note: If DeepGuard is blocking software that you see as trusted, it is recommended to report the file to WithSecure Labs for potential whitelisting.