Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: After Approving Banned File, the State Persists

App Control: After Approving Banned File, the State Persists

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Symptoms

Blocks or would-have-blocked report events for files that have been approved

Cause

In some circumstances when the file ban was done for one hash type, and the approval was done for another. In this situation, the ban will take precedence
For example, if the original ban was based on the md5 hash, but the approval was done for the sha256 hash, the file will still be considered banned

Resolution

  1. Log into the App Control console
  2. Navigate to Assets > Files and search for the file name
  3. Look at the file details and make a note of the 3 hash values
  4. Go to Rules > Software Rules > Files, and then use the following Filter: 
    File or Hash contains <md5 hash value>
                       or <sha1 hash value>
                       or <sha256 hash value>
  5. If there are any rows returned with Type = Ban or Type = Ban (Report Only)
  6. Go to Edit File Rule, change the Rule Type to Approval, and Save

Related Content


Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎07-15-2021
Views:
669
Contributors