Issue:
- DeepGuard blocks the application. This was determined to be a high-risk application by system control heuristics.
- After the file SHA-1 hash and file path is excluded in F-Secure Client Security 13.x/14.x, Deepguard continues to block the application
Resolution:
You can exclude the network drivers from being scanned, by doing the following:
- Log in to Policy Manager Console
- Click on the Settings tab
- Click on Advanced View
- Navigate to F-Secure DeepGuard
- Click Settings
- Click Excluded applications and enter the exclusion in UNC format, like:'\\servername\share\folder\to\the\app.exe'
If this location is also mapped to a drive letter, then another exclusion must also be added in the mapped format, so for example '
N:\folder\to\the\app.exe'
If the network drive was mapped to N. Both formats are needed, as mapped network drives are user-specific, settings and DeepGuard can't automatically do the user based drive letter mapping. Folder based exclusions on network drives are also supported.
Please refer to the screenshot below when making the exclusions:
7. Distribute the policy
Note:If you are using F-Secure Client Security 13.10, kindly upgrade to 13.11 since the latest version has improvements for DeepGuard.
Wildcard exclusions are only applicable for Real-time scanning. For Deepguard exclusion, kindly use file or folder path.
F-Secure Security Cloud (ORSP) has a higher priority compared to SHA-1 exclusions. Only file or folder path exclusion has higher priority over ORSP.
If you are using Policy Manager Version 14.xx. This setting has been replaced by
Files and applications excluded from scanning, which applies to version 12.x, 13.x, and 14.x hosts. Your existing trusted applications have been moved to the new setting.
Article no: 000004819