Issue: A DeepGuard Security alert is sent to the Elements Endpoint Protection portal's Security events list or Policy Manager Console's Alerts list.Example: Security alert: DeepGuard prevented an untrusted application from modifying another process.Details: DeepGuard prevented an untrusted application from modifying another process. Application path: C:\Program Files\exampleprogram\examplefile.exe File hash: 2179dde55137b4a228135af0b45acc7752e13e15Can this be a false positive and can the file be excluded? Resolution: DeepGuard is equipped with a self-protection feature where it prevent any process from terminating WithSecure's processes. DeepGuard monitors the OpenProcess function, which is used by the program to access the WithSecure process information with a termination rights. When DeepGuard detects that the program is trying to open a WithSecure process with the PROCESS_TERMINATE flag, it shows a block message and removes the flag, preventing the ability of the program from terminating the process.This alerts will not affect the functionalities of the accessor program as DeepGuard only removes the termination rights, hence made the OpenProcess called more safe towards WithSecure processes.If you want to make sure it is not a false positive, you can open a submit a sample ticket.If you are absolutely sure it to be a false positive and you do not want to have the alert shown, as a workaround you can exclude the program directly by using its path + filename or by excluding the SHA1 value shown in the alert. Follow these steps to add an exclusion:For Business Suite (Client Security and Server Security) using Policy Manager policy: Log in to the Policy Manager ConsoleSelect a policy domain or host from the Domain TreeGo to the Settings tabGo to the Real-time scanning settingsScroll to the Files and applications excluded from scanning table and enable Do not scan the following files and applications Click AddSet the scope as All scans and select File path from the drop-down menuAdd the file path C:\Program Files\Exampleprogram\examplefile.exe and click OKDistribute the policy (Ctrl + D) For Elements Endpoint Protection (EPP for Computers and EPP for Servers) using portal profile: Log in to the Elements Security Center: https://elements.withsecure.comOpen the Security configurations section from the menu on the leftGo to the Profiles pageChoose the profile which the device is usingGo to the General settings pageScroll down to the Exclude folders and files from all security scans section and click Add exclusionIn the Path field add the: Full path for the application if you want to exclude a specific applicationFolder path if you want to exclude a folder and its sub foldersClick Save and publish The SHA-1 can also be added manually to the DeepGuard protection rules. Follow the steps below to manually add an SHA-1 exclusion in DeepGuard: Log in to the Elements portalOpen the Security Configurations section from the menu on the leftSelect the Profiles tab on the leftSelect the profile you want to add the exclusion toSelect Real-time scanning on the leftScroll down to DeepGuard protection rulesClick on Add ruleFill in the SHA1-hash and a note about the applicationClick Save and Publish