SEP 12.1 Centralized Exception puzzle
Just testing out a centralized exceptions and used Angry IP Scan ver 2.21. Because I know it gets detected. Using SEPM (ver 12.1.671.4971), I created a policy for the file ipscan.exe which is the name of the executable I downloaded and set it to Ignore and when finished shows as Log only. Assigned it to a test group. Forced update all the clients and when all serials are synced started testing.
I tried it out on 2 clients (vers 12.1.671.4971 and 11.0.6300.803). Both times, the test executable was quarantined.
2nd test was, I went to the client (the 11.xx) and opened the quarantine. Selected the ipscan.exe , clicked on Restore , answered Yes on "...sure? , ...create Exclusion...?
After that, I was able to use AngryIPScanner.
Note: There is also an entry for that.
1. Exceptions > Add > Windows Exceptions > Known Risks
2. Find 'AngryIPScanner' and put a check on it. Click Ok
To make sure that the Centralized Exceptions would work, I used the Application option and not the file option. Unless it's for read/write access. Without executing it.
Image shows all the available option, the bottom one is the least likely to work. Although, applying the top most is has the highest risk.