Whitelisting for Anti-Virus

Ming · January 9, 2017, 5:18pm

Hello everyone!

I’ve recently noticed that the anti-virus has detected malware on a false-positive on our network datashare. It is an .exe file for setting up AutoCAD. I know I can manually add the file on the exclusions to whitelist it per machine, but is it possible to whitelist it across the board for all devices in ITSM?

I hate to sound lazy but it’s quite the work load to manually whitelist one program, file, etc. for every computer on our network.

Thanks in advance for any advice and help.

tristan.abundo · January 9, 2017, 5:23pm

Are you using the same profile for all the endpoints. Because if you are then all you need to do is add .exe file as an exclusion on the AV tab for that profile and all other endpoints connected to that profile will take in the changes applied.

Ming · January 9, 2017, 5:27pm

@tristan.abundo I knew there was something I missed. I’ll try that and report back. Thank you!

tristan.abundo · January 9, 2017, 5:33pm

You’re Welcome.

Ilker · January 9, 2017, 6:12pm

@Ming you can also use rating option under Security Sub-systems to trust the file among your network.

Ming · January 9, 2017, 7:08pm

@Ilker The rating option? I’m not seeing that under Security Sub-systems. Do you mean a rating scan?

Ilker · January 9, 2017, 7:33pm

Hi Ming,

It is available from many other menu’s as well but here is what I meant. https://help.comodo.com/topic-399-1-786-10111-Viewing-and-Managing-Quarantined-Items.html

Please read section : Rating files as ‘Unrecognized’, ‘Trusted’ or ‘Malicious’

Select the file you see as false positive and click “Rate as Trusted”

Ilker

Ming · January 9, 2017, 8:22pm

@Ilker I tried to go to this page for the different ratings but the entries are not located in Windows Quarantine. They are located under Security sub-systems>Antivirus>Threat History tab.
I think what tristan suggested will work for now. Thank you both.