Software blocked by EDPR after patch update

I use patch management with WatchGuard EDPR.

For the Python software there was an update in patch management. I pushed the update and the installation went without a problem.

When the user wanted to start the software it was blocked by the Endpoint protection because it was not classified yet.

Why is the patch not classified before it is suggested in Patch Management?

Comments

    David_David_ WatchGuard Representative

    Hello, @Jeroen_SSP

    The patch is classified, otherwise you would not have been able to update the program.
    The issue is with the new modified executable file.
    As the program updated, they also modified the main exe file for the program, and by modifying the md5 for the file, they create a new unknown file for the AV.
    So we have to analyse it in order to add it as goodware to our database.

    If you feel safe enough to add the file as Authorised Software, you can do it, so the file will be allowed to be run for as long as it remains unknown or goodware.

    So, next time you update the software and the main exe file is also modified, we will allow its execution.

    Entering files to authorised software is done under the client's own responsibility.

    https://www.pandasecurity.com/en/support/card?id=700104

    I hope this explains a little bit the behaviour on this matter.
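
The reply above explains that an update which rewrites the main executable changes its MD5, so the file is new and unclassified for the endpoint protection. As an added example (not from the thread or from WatchGuard; the file names, suffix list and sample bytes are constructed), this Python script inventories the executables in an install directory before and after an update and lists the ones whose hash changed, which are the files to expect as unknown:

```python
import hashlib
import tempfile
from pathlib import Path

EXECUTABLE_SUFFIXES = {".exe", ".dll"}  # assumption: file types worth tracking


def md5_of(path: Path) -> str:
    """Hash in chunks; MD5 because that is the identifier named in the reply."""
    digest = hashlib.md5()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(root: Path) -> dict[str, str]:
    """Map each executable's path (relative to root) to its MD5."""
    return {
        p.relative_to(root).as_posix(): md5_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES
    }


def changed_after_patch(before: dict[str, str], after: dict[str, str]) -> dict[str, str]:
    """Files whose hash differs from the pre-patch inventory: added or modified."""
    return {
        rel: ("added" if rel not in before else "modified")
        for rel, digest in after.items()
        if before.get(rel) != digest
    }


def demo() -> dict[str, str]:
    """Constructed sample: a fake install directory before and after an update."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"constructed main binary v1")
        (root / "helper.dll").write_bytes(b"constructed library")
        (root / "readme.txt").write_text("not an executable")
        before = inventory(root)
        # Simulated patch: main exe rewritten, one binary added, library untouched.
        (root / "app.exe").write_bytes(b"constructed main binary v2")
        (root / "updater.exe").write_bytes(b"constructed new binary")
        return changed_after_patch(before, inventory(root))


if __name__ == "__main__":
    print(demo())
```

Run against a pilot machine's install directory before and after the patch, the output shows which executables may need classification or an Authorised Software entry before the update goes to every user.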
