Rapid Detection & Response (RDR) detects a safe application (e.g. an in-house application). How to whitelist the detection?
To whitelist a file directly, complete the following:
1. Login to PSB portal > Devices.
2. Next to the device overall protection, click on the Rapid Detection and Response "Active" status.
3. Go to Detections tab, tick the Broad Context Detections ID check box.
4. Click "Update status" option at bottom page.
5. Select "Closed" from drop down menu, then select reason as "false positive".
6. Click "Update" option.
Once you have at least 1 incidents that are identical to the incident, and there is no identical incident where status is closed as confirmed, the false positive handling in Rapid Detection and Response will close the false positive automatically.
In the event that this has been completed multiple times and the file still gets detected, make a whitelist request for the False Positive event as follows:
- From the left-hand menu in the Rapid Detection and Response portal, click the three dots below Reports and choose Support
- Click the link Request whitelisting, this will bring up a support request form
- Verify that the following fields are populated correctly:
- Problem Category -> Threat/Malware
- Problem Subcategory -> False Positive
- Product Group -> For Business
- Product Name -> Rapid Detection & Response
- Language -> English
- Under Description, provide the Broad Context Detection ID (BCD-ID), a reason for why this content should be whitelisted and the scope (Single host, company level, etc)
- Fill in the rest of the required case information. Correct and complete information helps us to identify you and provide you with the proper service level
- Click Send to open the support ticket
Article no: 000008622