Version

All.

Issue

Previously approved network logon script is getting blocked after it’s modified.

Symptoms

Receiving a block notification for a file that is previously approved after it’s modified.

Cause

Any change made to a "file of interest" will result in the hash value of that file changing. When that value changes, Bit9 Agent regards all previous "trust" values associated with the file to be invalid and moves the file back to a "pending" state.

Solution

• If your changes are infrequent you can simply go back and Approve the "new" (edited) version of the file; or

• Create a trusted directory or trusted path rule for your netlogon shared folder. Ensure that there’s proper security on that folder to prevent unauthorized user from creating or moving or editing its content.