To create and configure an approval or ban for a single file, perform the following procedure.

Procedure

  1. On the console menu, click Rules > Software Rules.
  2. Click the Files tab.
  3. Click the Add File Rule button. The Add File Rule page opens, with Approval as the default Rule Type.
  4. Specify the rule details and the file to be approved or banned. See File Rule Parameters for a full list of parameters and rule information.
    Note: Additional options appear on the Add File Rule page if you have enabled Unified Management of multiple servers. See Unified Management of Rules.
    1. Provide a Rule Name to identify the rule in the table.
    2. Select the Rule Type — Approval, Ban, or Ban (Report Only). If you select Ban, a warning states that the Ban can stop matching files that are currently running. See Enabling Bans to Stop Running Processes.
    3. If the rule is a Ban, choose the Type (Hash or File Name).
    4. For Hash rules, specify the type of hash (MD5,SHA-1,or SHA-256).
    5. For File Name Bans, select the platform to which the rule will apply (Windows, macOS, or Linux).
    6. Enter the Hash Value or File Name that will identify the file.
    7. Optionally, provide a Description.
    8. In the Rule Applies To field, select All policies or specify the Selected policies to which the rule will apply.
  5. To create the approval or ban, click Save.

Results

The rule appears on the File Rules table. Group the table by Type (the default) to see Bans together, Report Only bans together, and Approvals together.