Global whitelist overrides can now be set on a file or folder level as well as the traditional MD5 level in Endpoint Protection. This upgrade allows greater flexibility in the deployment of overrides and means that multiple related MD5 overrides no longer have to be whitelisted individually, instead the whole associated directory can simply be whitelisted.
If you detect or remove a file before an exclusion or override is in place, you will need to uninstall then reinstall or ensure that the detected files are restored from quarantine. If the files are still located locally in the quarantine or block/allow tab, the exclusion does not work.
To create whitelist override:
From the Site console, click the Overrides tab.
The system displays the Overrides panel, with the Whitelist pane active.
Click the Create button.
The system displays the Create override window.
To create an MD5 override type, do the following:
In the Override Name field, enter a name for the override
Make sure the MD5 radio button is selected.
In the MD5 field, enter the 32-character unique identifier for the file.
Select either the No or Yes Apply to Policy radio button.
Click the Save button.
To create a Folder/File override, continue with this procedure.
To use File/Folder overrides please make sure endpoints are running version 9.0.1 or higher of Webroot SecureAnywhere Endpoint Protection. Earlier versions support MD5 overrides only.
In the New Whitelist Entry window, select the Path/File radio button.
The system displays the Create override window with the relevant fields.
Use the information in the following table to populate the fields.
Enter a name for the override.
You have already selected the Path/File radio button.
Target a file or group of files by specifying a file mask with optional wildcards, for example, *.exe to target all executable files in the selected folder. This will default to all files in the selected folder/path if not specified.
The folder to target with the override. You can specify an absolute path, for example, ‘x:\myfolder\’ or a system variable with optional path, for example, ‘%SystemDrive%\myfolder’. Default supported environment variables are displayed when you type ‘%’ however you may choose to use any variable you have setup on the target machine with the exception of user variables which are not supported. You may not use ‘%temp%’ for example as this refers to a specific users temp directory (‘username/temp/’). Wildcards are not supported.
Select this checkbox to apply the override to all sub-folders within this folder.
Detect if Malicious
If this setting is enabled Webroot will continue to protect the user against threats originating from the selected file/folder whitelist override but will disable monitoring and journaling. This is primarily used to improve performance when monitoring and journaling is being applied to a large number of files with an unknown determination. Disabling this setting will provide a true whitelisting, allowing files to run without Webroot protection.
Global (GSM) Override
Selecting this will make the Override global for every site under the current GSM Console.
Apply to Policy
Do either of the following:
Select Yes to apply the Override to a specific policy, global policies included.
Select No to apply to all policies on the selected site.