Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
jperry
Participant

Trying to whitelist a file for Threat Emulation and Anti-Exploit Blade.

I have a user trying to run an .exe that is coming up as malware via the Threat Emulation and Anti-Exploit blade. It is confirmed to be a false positive. I am trying to add it as a whitelist but the only options are: Folder, domain or SHA1. It doesn't look like I can use a wildcard in the folder path for the file name so the next best option would be the SHA1 hash. Is there a relatively easy method for getting the SHA1? Most other AVs will provide the SHA1 on detection so that it can be added to the whitelist. I see the MD5 in the Forensics report but no SHA1. I would hate to have to grab the file from the user everytime there is a false positive just to generate a SHA1 hash.

Is there another way that I should be white listing this? 

Thank you!

0 Kudos
1 Reply
_Val_
Admin
Admin

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events