Authorized software and exclusions

In Advanced EDR, three features prevent program blocking:

  • Excluded files and paths: Excludes specific items or areas on the computer from scans. Unknown software will not be prevented from running. Because this can lead to a security hole, we do not recommended this except where there are problems with computer performance. For more information, see Files and paths excluded from scans.

    Only the folder in the specified path is excluded. Subfolders are not excluded.

  • Unblocking programs in the process of classification: Temporarily allows blocked programs to run but with a reactive approach. The administrator cannot unblock a program unless it has first been blocked. Because software can consist of several components, and you must unblock each component individually, the process to block and unblock can take some time.

  • Configure authorized software: Proactive unblocking of unknown programs in the process of classification. This module is useful when advanced protection is in Lock or Hardening mode and finds an unknown program, preventing its use.

The Authorized Software module enables you to approve the execution of executable binary files, excluding script files, standalone DLLs, and other files. If Advanced EDR blocks a program because it downloads an unknown DLL, authorize the executable file specified in the pop-up message shown on the user computer. After the program is authorized, all DLL files and resources that it uses are also allowed.

Software authorized by a partner

By default, you cannot edit or delete the Authorized Software settings inherited from a partner. The partner can configure the list of authorized software to be editable. The settings profile shows a label, Editable Settings. In this case, you can add authorized software but you cannot delete or edit the list of software defined by the partner.

If your partner changes the status of the settings from editable to non-editable, the authorized software you added will no longer apply. Only the software from the partner applies. If the partner changes the configuration again to be editable, then the authorized software you added is restored and applied.