search cancel

Whitelisting files using iCSP Neural

book

Article ID: 229477

calendar_today

Updated On:

Products

Industrial Control System Protection

Issue/Introduction

Files detected by ICSP Neural are trusted and you want to avoid scanning them when the USB device is inserted

Environment

ICSP Neural

Resolution

If you are certain that files detected by ICSP Neural as infected are trusted and do not contain any malware, you can whitelist those files.
WARNING
Whitelisting malicious files prevents ICSP from detecting those. Ensure that you use this feature to whitelist only trusted files which does not contain any malware.
When whitelisted files are detected during a scan, the visualization screen of the scanner station notifies you with an alert that an infected and whitelisted file has been detected.
 
On the Web Interface, a malware event is created for a whitelisted file and specifies that no action was taken as the file is whitelisted. When you connect the USB device containing the whitelisted file to a system, you can access those files.
To whitelist trusted files from scanning
  • Click 
    Scan > Whitelisting
  • On the 
    Whitelisting
    section, click on the file icon
  • Navigate to the trusted file and select it
  • Click 
    Whitelist
When you whitelist a file, the hash value of the file is stored for whitelisting purpose. The whitelisted files are displayed at the bottom of the Whitelisting page. You can perform the following actions for the whitelisted files:
  • Search for specific whitelisted files
  • View the file name, file size, and file hash value
  • Delete any whitelisted file

For more info on whitelisting, visit the online help page: Whitelisting trusted files