Endpoint Protection Small Business Edition

Hi,

As a software development house, our development team create a number of tools for use with our own products.

Today, I had a report of one of the tools "ABCapp.exe" (for example) being removed by the SONAR element of the protection.

Background - "ABCapp.exe" opens ports to send data for the function of our own products, and has been created here.

While it is possible to restore the file on an individuals machine, or from the manangement console - I'd like to know what would happen if I added it to the 'Discovered Programs' list, and said 'allow'.

When a program is added to the DP list - are there any checks in place to ensure that only that particular file called 'ABCapp.exe' is allowed? (checksums etc)

E.g. to protect against any old malicious file being called 'ABCapp.exe', and then allowed because of the DP rule.

I've tried to word that as clearly as possible - please let me know if you need any more information.

Thanks.

Just to update, another couple of our self-built tools are also being reported/quarantined by SONAR (probably due to purpose / new discoveries), so any advice would be appreciated.

It seems to be possible to restore the individual file on the client or portal, I would just like some advice with how to best handle this (safely) in bulk.

Thanks.

If these files are being detected by SONAR, then you should create Custom Exclusions as shown in screen below.

To restore files from quarantine, please check out this short video.

http://bit.ly/manage_agents

Hi,

Thanks for the suggestion - however, as the files i refer to do not exist in a specific path (they are standalone exes), its not possible to exclude them in the way you suggest. (see screenshot)

The solution would be (as suggested by a separate support ticket) would be for our developers to add a digital signature to their development tool exe files.