Probable Ransomware Whitelisting

Customers can now whitelist file extensions from known safe applications that were detected as Probable Ransomware issues within Secure & Govern. Some known safe applications generate files with extensions that are also known Ransomware file extensions. Many of these applications are not widely used, and they can generate false-positive detections.

Our approach is to provide the broadest artifact-based Ransomware detection to limit the risk of a Ransomware attack. We also realize a small percentage of customers are leveraging various applications and are experiencing more false-positive detections. Introducing file extension whitelisting allows us to maximize our Ransomware coverage while also addressing higher false-positive rates.

There are two ways to whitelist a file extension. Both are described below.

Whitelisting a file extension will prevent future artifact-based and Zero-day (Behavioral-based) detections for the whitelisted file extension.

 

Skip Ahead To...

Issue Remediation - Add Whitelist File Extensions

Analysis Rules Settings - Add Whitelist File Extensions

Analysis Rules Settings - Remove Whitelist File Extensions

 

Issue Remediation - Add Whitelist File Extensions 

Issue Reviewers can whitelist file extensions, within the Issues View, by doing the following:

  1. Log into Secure and Govern.
  2. Go to the Issues tab.
  3. Select an Open Probable Ransomware issue.
  4. Select the Remediate dropdown options.
  5. Select Whitelist File Extensions. The Whitelist modal appears pre-populated with the detected file extensions.
  6. Remove extensions that should not be whitelisted, or add additional extensions to the whitelist.
  7. Select a Reason.
  8. Enter Comments.
  9. Click on the Whitelist button. The whitelist dialogue appears.
  10. Click on the Whitelist button again.
  11. Extensions will be whitelisted. Users can remove the whitelisted file extensions if needed.

 

Analysis Rules Settings - Add Whitelist File Extensions 

Entitled users can whitelist file extensions, within the Probable Ransomware Analysis Rules Settings, by doing the following:

  1. Log into Secure and Govern.
  2. Go to Settings.
  3. Select Analysis Rules.
  4. Select Probable Ransomware.
  5. Select Add file extension.
  6. Add file extensions to the whitelist.
  7. Enter Comments.
  8. Click on the Whitelist button, and the file extensions will be whitelisted.

 

Analysis Rules Settings - Remove Whitelist File Extensions 

Entitled users can remove whitelisted file extensions, within the Probable Ransomware Analysis Rules Settings, by doing the following:

  1. Log into Secure and Govern.
  2. Go to Settings.
  3. Select Analysis Rules.
  4. Select Probable Ransomware.
  5. Go to the desired file extension and click on the X to remove it.
  6. The remove file extension dialogue appears.
  7. Click on the Remove button.
  8. The file extension is removed.