install programs without disabling the containment

good morning,

Any program that I try to install in the end point, are executed in a virtual way, I need to disable the containment, to be able to install programs that I need.

my question is:

How can I configure so that the same program to install is reliable, and can install it in all the endpoints, without the need to disable the containment?

thank you very much

@cooperbr ,

Thank you for your input. Containment will allow files(installers) that are digitally signed or files(installers) that have been manually whitelisted by our AV LAB team. Unrecognized files(installers) will be virtualized and block the ones that have malicious ratings. We can suggest creating a specific exclusion folder for your specific applications.

GBS-ITSMwhite-listingbypath-210317-1933-22.pdf (299 KB)

I recommend you clone the policy and make a separate one for each company. Even split it down to workstation and servers etc. Allows for more granular and far greater control. Don’t use the default for all devices.

Thank you very much for the help, working perfectly.