How to exclude a program in Deepguard?

Hi

We use Policymanager 10 and CS 9.x versions

 

F-secure ClientSecurity 9.x Deepguard is suddenly dectecting Dameware as dangerous application. How can I exclude Dameware from Deepguard scanning? I still want Deepguard to be enable.

Comments

  • JouniJouni Posts: 135 F-Secure Product Expert

    Hi Jaro,

    As you are using Policy Manager, you can add the executable file's SHA-1 hash as trusted on Policy Manager's DeepGuard Applications -table.

    This table can be found from Policy Manager Console in advanced mode:
    F-Secure DeepGuard -> Settings -> Applications

  • MJ-perCompMJ-perComp Posts: 1,101 Superuser

    Please also submit the file to analysis.f-secure.com

     

    After the FA has been fixed you may remove the exclusion again.

     

    BR

  • JaroJaro Posts: 30

    I have done that a few years ago, but now it does not seem to work. Can I use the hash that is shown in the alert? This is just an example for aboapaivitys.exe :

    Application was blocked. This was determined to be a high-risk application by system control heuristics.

    Application path: \\?\c:\aboa\aboapaivitys.exe File hash: 91d3a2b45db6931a4e603dde11ef5484837ce475

  • MJ-perCompMJ-perComp Posts: 1,101 Superuser

    YES, use that hash!

     

    But I think that DG also obeys the realtime sacnning excludes! at least with FSCS9.31...

     

    BR

  • etomcatetomcat Posts: 1,319 Superuser

    The problem with use of CRC/SHA-1/MD-5 checksum for exclusion is that IBM-compatible PC is a "von Neumann" type platform, therefore self-modifying executable code is perfectly legal. One cannot legitimately expect that only malware will use self-modify code, thus checksum start to change and become unusable.

     

    The best thing is to have the executable receive a digital signage from the software vendor and F-Secure virus lab will grant a generic exclusion for that crypto signature, if the vendor is truly reputable. (But maybe this reputation method may not work now, thanks to guys who wrote Stuxnet/Duqu?)

  • MJ-perCompMJ-perComp Posts: 1,101 Superuser

    signing software requires that the file that is signed does NOT change!

This discussion has been closed.