You can create Whitelist policies for files and external computers so that Symantec Advanced Threat Protection (ATP) explicitly allows access to them regardless of their reputation. When you whitelist an item, ATP considers it "trusted" and takes no action on it. For example, if you whitelist a file, ATP does not inspect that file nor does it request a reputation score for it. Whitelisting trusted files and external computers can conserve scanning resources and reduce the number of events that ATP creates. It can also eliminate false negatives.
Create a Whitelist policy to do any of the following:
You must have the Admin role or Controller role to create Whitelist policies.
To create a Whitelist policy
In ATP Manager, click Policies > Whitelist > + Add to Whitelist.
Click the plus sign and select Add to Whitelist.
In the Add to Whitelist dialog box, click the Type drop-down list and select one of the following:
The SHA256 hash value must be 64 characters with values ranging between 0 - 9 and a - f.
You cannot edit the Type or Match Value of a whitelisted item after you add it. However, you can delete it or edit the comment.
See Managing policies.
In the Match Value field, type the value of the whitelisted item based on the type that you selected.
ATP validates the value based on its type. The Match Value appears in the Whitelist policy list as the Rule Value.
Optionally, type a comment in the Comments field.
For example, you may want to specify the file name for SHA256 hash.
Extended ASCII characters do not render properly in .csv format.