Customers can now whitelist known safe application file extensions, which were detected as Probable Ransomware issues within Secure & Govern. Known safe applications also generate some known Ransomware file extensions. Many of these applications are not widely used and can generate false-positive detections. 

Our approach is to provide the broadest artifact-based Ransomware detection to limit the risk of a Ransomware attack. We also realize a small percentage of customers are leveraging various applications and are experiencing more false-positive detections. Introducing file extension whitelisting allows us to maximize our Ransomware coverage while also addressing higher false-positive rates.

There are two ways to whitelist a file extension. Both are described below

Issue Remediation - Add Whitelist File Extensions 

Issue Reviewers can whitelist file extensions, within the Issues View, by doing the following:

  1. Log into Secure and Govern.
  2. Go to the "Issues" tab
  3. Select an "Open" Probable Ransomware issue
  4. Select "Ignore" dropdown options

    mceclip0.png
  5. Select "Whitelist File Extensions." The "Whitelist" modal appears pre-populated with the detected file extensions

    mceclip1.png
  6. "Remove" extensions that should not be whitelisted or "Add" additional extensions to the whitelist.
  7. Select a "Reason"
  8. Enter "Comments"

    mceclip2.png
  9. Select the "Whitelist" and whitelist dialogue appears

    mceclip3.png
  10. Select the "Whitelist" again
  11. Extensions are whitelisted. Users can also "Undo" the action if a mistake is made.

mceclip4.png

Analysis Rules Settings - Add Whitelist File Extensions 

Entitled users can whitelist file extensions, within the Probable Ransomware Analysis Rules Settings, by doing the following

  1. Log into Secure and Govern.
  2. Go to the "Settings"
  3. Select "Analysis Rules"
  4. Select "Probable Ransomware"

    mceclip5.png
  5. Select "Add file extension."

    mceclip6.png
  6. "Add" file extensions to the whitelist
  7. Select a "Reason"
  8. Enter "Comments"

    mceclip7.png
  9. Select the "Whitelist," and file extensions are whitelisted

    mceclip8.png

Analysis Rules Settings - Remove Whitelist File Extensions 

Entitled users can whitelist file extensions, within the Probable Ransomware Analysis Rules Settings, by doing the following

  1. Log into Secure and Govern.
  2. Go to the "Settings"
  3. Select "Analysis Rules"
  4. Select "Probable Ransomware"

    mceclip5.png
  5. Go to desired file extension and select the "X" to remove the file extension.
  6. The remove the file extension dialogue appears
    mceclip9.png
  7. Select a "Remove"
  8. The file extension is removed

    mceclip10.png