F-Secure Elements Endpoint Protection DataGuard feature blocks Windows processes and applications installed in the Windows Users or AppData folder - F-Secure Community
<main> <article class="userContent"> <h3 data-version="20" data-article="000007003" data-id="issue">Issue:</h3> <p>When the DataGuard features <b>Access control</b> and <b>Discover trusted applications automatically </b>are<b> </b>enabled for F-Secure Elements EPP for Computers or EPP for Servers, DataGuard blocks Windows processes and applications installed in the Windows <b>Users</b>, <b>AppData</b> or <b>System32</b> folder.<br><br>Elements Endpoint Protection Portal device <b>Security Events </b>tab shows an alert with the <b>Source</b> as <b>DataGuard </b>and the <b>Description</b> "DataGuard has blocked an attempt to access"<br><br>Elements Agent <b>Event History</b> on the device shows "Application was blocked from accessing your files" and the <b>Reason</b> as Ransomware:AccessControl.<br> </p> <h3 data-id="resolution">Resolution:</h3> <p>If the blocked application (OneDrive.exe, Firefox.exe, Chrome.exe, WhatsApp.exe etc.) is in the Windows <b>Users</b> or <b>AppData</b> directory, it is not by default a trusted application location and therefore it will be blocked if it tries to modify a file that is located in a protected path. You can view the currently trusted application paths from the Elements Endpoint Protection Portal:<br></p><ol><li>Log in to the Elements Security Center</li><li>Click <b>See more details </b>in the Endpoint Protection section</li><li>Go to the <b>Devices </b>page</li><li>Click a device that has DataGuard enabled</li><li>In the <b>Protection status </b>tab, click on the <b>DataGuard (Premium) </b>section </li></ol> This will show you the currently protected paths and the currently trusted application paths.<br><br>To not have DataGuard block an application, you can either: <ul><li>Install the application to a trusted path, such as C:\Program Files (x86)\</li><li>Add the application path to the <b>Manually added trusted applications and folders </b>list</li></ul> How to add the application path to the <b>Manually added trusted applications and folders </b>list. <ol><li>Log in to the Elements Endpoint Protection Portal</li><li>Go to the <b>Profiles</b> page</li><li>Select the profile the device is using</li><li>Go to the <b>DataGuard</b> settings page</li><li>In the <b>Access Control</b> section, click <b>Add path </b>below <b>Manually added trusted applications and folders</b></li><li>Add the full path of the application, example C:\Users\Username\Documents\exampleprogram\example.exe</li><li>Click <b>Save and publish</b> the profile</li></ol><b>Note:</b> You can use system environment variables when you want to create an exclusion for many users. The supported environment variables are: %USERPROFILE%, %HOMEDRIVE%, %HOMEPATH%, %APPDATA%, %ProgramFIles%, %ProgramFiles(x86)% %ProgramData%, %windir%, %SystemRoot%, %SystemDrive%<br><br>Example: %USERPROFILE%\AppData\Local\Mozilla Firefox\firefox.exe<br><br>If you need to find out more about the detection (detection path, target path etc.), you can view it from the <b>Security events </b>page: <ol><li>Log in to the Elements Endpoint Protection Portal</li><li>Go to the <b>Security events </b>page from the menu on the left</li><li>Click on the double arrow on the left side of the detection</li></ol> From the <b>Security Events</b> page you can also add the application to the <b>Manually added trusted applications and folders</b> list: <ol><li>Log in to the Elements Endpoint Protection portal</li><li>Go to the <b>Security Events</b> page</li><li>Click on the <b>Three dots</b> on the right side of the DataGuard detection</li><li>Select <b>Add the application to the Dataguard's trusted list</b></li><li>Click <b>Save and publish</b></li></ol><p>Article no: 000007003</p> </article> </main>