Policies tab:
- Software Restriction Policy (SRP) Whitelist:
- The whitelist is a list of programs explicitly allowed via software restriction path rules.
- We provide a Whitelist EXEs already located in blocked locations upon install checkbox to simplify adding all existing items in blocked locations to the whitelist during client installation.
- You may predefine whitelist policies using the Define button.
- d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
- note it should be defined one line per folder
- Whitelist policies should be as specific as possible to avoid being overridden by a more specific blacklist entry.
- This concern comes into play when using wildcards, so the use of wildcards should be avoided in whitelist rules if possible.
- SRP Blacklist:
- The blacklist is a list of programs explicitly blocked via software restriction path rules.
- It is possible to use wildcards in blacklist policies.
- Feel free to add additional rules using the Define button to enhance protections for your specific environment.
- d7x Variables can be used in the Custom Locations to apply protections generically to various OS versions and 32/64 bit versions
- note it should be defined one line per folder
- User Hash Definitions:
- Similar to the whitelist and blacklist software restriction policies, our hash definitions also utilize lists to either allow or block a specific hash definitions, respectively.
- Use the various Define buttons to allow or disallow a hash, for the whitelist or blacklist, respectively to either remove a false positive or enhance protections over the base definitions.
- note it should be defined one line per folder
- View the client documentation for more information on these protections
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications
- these are the same protections as selecting the Default Protection plan in the CryptoPrevent client