Turning learn mode on
To add software and devices that are used in your network to
your whitelist, you can use an automatic learn mode.
A learn mode is a configuration option that instructs the
Appliance to NOT deny hashes that are not in the whitelist, but
allow them instead, and also add them to the whitelist.The idea is
to allow and "learn" these hashes. You can have multiple learn
modes, which can be useful in case you want to choose individual
objects to learn from.
Turn on the learn mode by selecting the "Server config" tab,
then the "Learn mode" tab:
During a learn mode, the Appliance will only learn new (unknown)
hashes which are checked by an Agent. Hashes which are already in
the whitelist will not be learned since they are already known
(even if that hash may not have an "allow" policy associated with
it, which would result in the program being effectively
Use the classification string to define what exactly you expect to
be learning. This will help you keep track of the software that you
add to the whitelist.
A semicolon can be used as a separator:
"SecuLution;AdminWizard" will result in:
There is no limit for the depth, you can use
For your initial learn mode you can use "added in learn mode".
Turn learn mode off
To turn off a learn mode, just press the trashcan icon of the
learning mode you want to delete: