Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 13551 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PSEXEC exclusions

Abhijeet Nawale

Hello,

 

We have a situation where PSEXEC is getting blocked as adware, so we want to put an exception for the same while keeping the alerts coming but not blocking the same.

 

What is the best way to achieve this? I mean from application exception under antivirus policy by putting PSEXEC in authorization category? or exception from application control policy by specifying alert message and adding under authorization?

 

Looking for quick help.

 

Thanks,

Abhijeet



This thread was automatically locked due to age.
Parents
  • 0

    Hello Abhijeet,

    a Controlled Application is a (more or less) legitimate application that for whatever reason you don't want to be used. With ApplCtrl you have the option to report it without actually blocking it. This is a general setting though - either you report but permit all applications that are not authorized to run, or you block them. With Adware and PUA you have the option to authorize specific applications but then you won't get an alert. In other words, AFAIK permit but monitor is not possible for PUAs.
    The distinction isn't very clear, Adware and PUA has either a significant "annoyance factor" or has been used for malicious purpose (as is the case with psexec).

    Christian 

Reply
  • 0

    Hello Abhijeet,

    a Controlled Application is a (more or less) legitimate application that for whatever reason you don't want to be used. With ApplCtrl you have the option to report it without actually blocking it. This is a general setting though - either you report but permit all applications that are not authorized to run, or you block them. With Adware and PUA you have the option to authorize specific applications but then you won't get an alert. In other words, AFAIK permit but monitor is not possible for PUAs.
    The distinction isn't very clear, Adware and PUA has either a significant "annoyance factor" or has been used for malicious purpose (as is the case with psexec).

    Christian 

Children
No Data
Unfiltered HTML