Endpoint Protection

Hi,

we are wondering if we can create an exception for files which is based on hash value but ignores file path.

When adding a file through risk log or application learning, the exception is always based on hash and file path. We want an exception based on hash which ignores where the file is located at.

Is that possible?

Regards

concentric

This option doesn't exist. It's only via the method you've noted by doing from the Risk log.

You can put in a request for a product enhancement:

http://www.symantec.com/docs/TECH215657

When you create an application exception you exclude the hash regardless of its location, the file path is only shown as a reference.

https://support.symantec.com/en_US/article.HOWTO80928.html#v40057916

Feel free to test your self with an eicar exception by excluding the hash and then move the file around the file system :)

I will run a test this week and report back when I'm done. Thanks so far.
 

Hi concentric,

What you are looking for may be contained in:

Exceptions, Illustrated: Part One

https://www.symantec.com/connect/articles/exceptions-illustrated-part-one

Exceptions, Illustrated: Part Two

https://www.symantec.com/connect/articles/exceptions-illustrated-part-two

Hi Brian,

Will these hash values are excluded using the system lockdown method, In which we will exclude the hash values?

Will it helps or not?