What function does the cloud whitelist have in Symantec Endpoint Detection and Response 4.0?
Updated On: 18-10-2019 10:37
Endpoint Detection and Response
You have added an MD5 or SHA2 hash of an executable file to the cloud whitelist in SEDR 4.0. When reviewing event logs, you may see High severity Tasks generated for the file.
The expected use of whitelisting is that both the MD5 and SHA2 hashes of a file are added, as we submit and track both for file submissions. If only one of the two is added, the file may still be submitted to Cynic and threat feeds, and it may show up in Reports and Tasks, depending on the Playbooks used.
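A way to check for half-whitelisted files before adding entries, as an added example that is not Symantec tooling or code from the original article: it computes both hashes for each file and reports which hash of the pair is missing from the whitelist. It assumes SHA2 means SHA-256 and that the whitelist entries are available as plain hex strings; the function names and sample files are hypothetical.

```python
import hashlib
import os
import tempfile

def file_hashes(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) for a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def audit_whitelist(paths, whitelisted):
    """Map each path to (status, missing), where status is 'complete',
    'partial' (only one hash of the pair listed) or 'absent'."""
    # Assumption: the whitelist is available as plain hex strings.
    known = {h.strip().lower() for h in whitelisted if h.strip()}
    report = {}
    for path in paths:
        md5, sha256 = file_hashes(path)
        pair = (("MD5", md5), ("SHA256", sha256))
        missing = [f"{kind}:{value}" for kind, value in pair if value not in known]
        report[path] = (("complete", "partial", "absent")[len(missing)], missing)
    return report

def demo():
    """Constructed sample: three stand-in files, whitelist with one gap."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in (("both.exe", b"A"), ("md5_only.exe", b"B"), ("none.exe", b"C")):
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        both = file_hashes(paths["both.exe"])
        md5_only = file_hashes(paths["md5_only.exe"])[0]
        whitelist = [both[0], both[1].upper(), md5_only]  # constructed entries
        report = audit_whitelist(paths.values(), whitelist)
        return {os.path.basename(p): result for p, result in report.items()}

if __name__ == "__main__":
    for name, (status, missing) in demo().items():
        print(f"{name:14} {status:9} add: {', '.join(missing) or '-'}")
```

Files reported as partial are the case the article describes: one hash is whitelisted, but the file can still be submitted and appear in Reports and Tasks until the other hash is added.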