search cancel

What function does the cloud whitelist have in Symantec Endpoint Detection and Response 4.0?

book

Article ID: 173232

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

You have added an MD5 or SHA2 hash of an executable file to the cloud whitelist in SEDR 4.0. When reviewing event logs, you may see High severity Tasks generated for the file.

Resolution

The expected use for whitelisting is that the both MD5 and SHA2 hashes be added, as we submit and track both for file submissions. If only one or the other is added, you may see these files submitted to Cynic and threat feeds and they may show up in Reports and Tasks, based on the Playbooks used.