Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

"Ban by policy" rule takes effect on more policies than selected

"Ban by policy" rule takes effect on more policies than selected

Version

7.0.0.x, below 7.0.1.1456.

 

Issue

When adding a "Ban by policy" rule for specific policies, the ban takes effect for the selected policies and may also take effect implicitly on policies that were not selected.

 

Symptoms

This is observed in the following scenarios

  • The hash that was banned on the selected policies will be blocked also on endpoints that belong to the policies that were implicitly added to the rule.
  • When checking the history of the file (under: Assets --> Files --> File details --> History) it will show that the rule was added to the selected policies and also to the additional policies that were not selected by the user.

 

Cause

The hash ban rule will be added to policies that were created as a clone of another policy.

 

Solution

Use the following workaround to resolve the issue

  1. Remove the existing "hash ban" rule.
  2. Create a new policy from scratch (no clone of another policy)
  3. Move the relevant endpoints from the old cloned policy to the new policy created from scratch.
  4. Create a 'ban by hash' rule for the selected policies. The new ban rule will take effect only on the selected policies.

 

Important Note(s)

This is fixed in 7.0.1.1561 P9

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-06-2015
Views:
520
Contributors