Revoking a Blacklisted File from the File Entity Page in ATP 2.0 fails.
Advanced Threat Protection (ATP)
The error displayed is: "An error occurred while deleting blacklist":
The problem can occur if the SHA256 Hash Value for the File was deleted from the Policies Page. When a file gets added to the Blacklist from the File Entity Page, both its MD5 and SHA256 Hashes will be added to the Policy automatically:
It is possible to delete the SHA256 Rule Value, leaving only the MD5 Value active:
If the Policy only contains the MD5 Value, the Revoke Blacklist action will fail with the above mentioned error message.
Note:
This problem only applies to the Blacklist option. Adding a file to the Whitelist will only add a file's SHA256 value and will not result in the error as described here.
Delete the remaining MD5 Value from the Blacklist Policies page will effectively Revoke this item.
Note:
The problem will only occur if the SHA256 Value was deleted separately form the Blacklist Policies page. Deleting the MD5 but leaving the SHA256 Value will result in a successful Revoke Blacklist Action.