What function does the cloud whitelist have in Symantec Endpoint Detection and Response 4.0?
Last Updated December 18, 2018
You have added an MD5 or SHA2 hash of an executable file to the cloud whitelist in SEDR 4.0. When reviewing event logs, you may see High severity Tasks generated for the file.
The expected use of whitelisting is that both the MD5 and SHA2 hashes are added, because we submit and track both for file submissions. If only one of the two is added, you may see these files submitted to Cynic and threat feeds, and they may show up in Reports and Tasks, depending on the Playbooks used.
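The check below is an added example, not Symantec code: it hashes a file in one pass to get both digests and reports which of the two is missing from a list of whitelist entries. It assumes that "SHA2" means SHA-256 and that the whitelist entries are available as plain hex strings; the function names and sample data are constructed for illustration.

```python
"""Check that a file has BOTH its MD5 and SHA-256 present in a whitelist."""
import hashlib
import io


def hash_stream(stream, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) for a binary stream, read in one pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def entry_kind(value):
    """Classify a whitelist entry by hex length: 32 -> md5, 64 -> sha256."""
    v = value.strip().lower()
    if v and all(c in "0123456789abcdef" for c in v):
        return {32: "md5", 64: "sha256"}.get(len(v))
    return None


def coverage(stream, whitelist_entries):
    """Return (status, missing); missing lists (kind, hash) not whitelisted."""
    listed = {e.strip().lower() for e in whitelist_entries if entry_kind(e)}
    md5, sha256 = hash_stream(stream)
    missing = [(k, h) for k, h in (("md5", md5), ("sha256", sha256))
               if h not in listed]
    status = {0: "complete", 1: "partial", 2: "absent"}[len(missing)]
    return status, missing


if __name__ == "__main__":
    # Constructed sample: stand-in bytes for an executable, not a real file.
    sample = b"constructed sample executable contents"
    md5, sha256 = hash_stream(io.BytesIO(sample))
    # A whitelist holding only the MD5 reproduces the situation described above.
    for name, entries in (("md5 only", [md5]), ("both", [md5, sha256.upper()])):
        status, missing = coverage(io.BytesIO(sample), entries)
        print(f"{name}: {status}; add to whitelist: {missing}")
```

A "partial" result identifies the hash that still needs to be added for the file to be whitelisted under both identifiers.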