Revoking a Blacklisted File from the File Entity Page in ATP 2.0 fails.
Advanced Threat Protection (ATP)
The error displayed is: "An error occurred while deleting blacklist":
The problem can occur if the SHA256 Hash Value for the File was deleted from the Policies Page. When a file gets added to the Blacklist from the File Entity Page, both its MD5 and SHA256 Hashes will be added to the Policy automatically:
It is possible to delete the SHA256 Rule Value, leaving only the MD5 Value active:
If the Policy only contains the MD5 Value, the Revoke Blacklist action will fail with the above mentioned error message.
This problem only applies to the Blacklist option. Adding a file to the Whitelist will only add a file's SHA256 value and will not result in the error as described here.
Delete the remaining MD5 Value from the Blacklist Policies page will effectively Revoke this item.
The problem will only occur if the SHA256 Value was deleted separately form the Blacklist Policies page. Deleting the MD5 but leaving the SHA256 Value will result in a successful Revoke Blacklist Action.
Subscribing will provide email updates when this Article is updated. Login is required.