Corporate whitelist

An antivirus solution might identify legitimate corporate-specific applications as suspicious. To prevent these false positives detections, the trusted applications are manually added to a whitelist, which is time consuming.

Cyber Protection can automate this process: backups are scanned by the Antivirus and Antimalware protection module and the scanned data are analyzed, so that such applications are moved to the whitelist, and false positive detections are prevented. Also, the company-wide whitelist improves the further scanning performance.

The whitelist is created for each customer, and is based only on this customer's data.

The whitelist can be enabled and disabled. When it is disabled, the files added to it are temporarily hidden.

Only accounts with the administrator role (for example, Cyber Protection administrator; company administrator; partner administrator who acts on behalf of a company administrator; unit administrator) can configure and manage the whitelist. This functionality is not available for a read-only administrator account or a user account.

Automatic adding to the whitelist

  1. Run a cloud scanning of backups on at least two machines. You can do this by using the backup scanning plans.
  2. In the whitelist settings, enable the Automatic generation of whitelist switch.

Manual adding to the whitelist

Even when the Automatic generation of whitelist switch is disabled, you can add files to the whitelist manually.

  1. In the service console, go to Antimalware protection > Whitelist.
  2. Click Add file.
  3. Specify the path to the file, and then click Add.

Adding quarantined files to the whitelist

You can add files that are quarantined to the whitelist.

  1. In the service console, go to Antimalware protection > Quarantine.
  2. Select a quarantined file, and then click Add to whitelist.

Whitelist settings

When you enable the Automatic generation of whitelist switch, you must specify one of the following levels of heuristic protection:

  • Low
    Corporate applications will be added to the whitelist only after a significant amount of time and checks. Such applications are more trusted. However, this approach increases the possibility of false positive detections. The criteria to consider a file as clean and trusted are high.

  • Default
    Corporate applications will be added to the whitelist according to the recommended protection level, to reduce possible false positive detections. The criteria to consider a file as clean and trusted are medium.

  • High
    Corporate applications will be added to the whitelist faster, to reduce possible false positive detections. However, this does not guarantee that the software is clean, and it might later be recognized as suspicious or malware. The criteria to consider a file as clean and trusted are low.