New features in 8.10.0
The following are the new features available with the Xprotect version 8.10.0 released on the 18th of September, 2020:
Add Whitelist Alerts to Policies as Rules
On the Alerts > Summary page, select one or more Whitelist Alerts (Alert Category = Whitelist), click Add to Policy as Rules (in the floating panel at the top), and add the Alerts to the relevant Xprotect Policies as Whitelist Policy rules.
Do the following on the Policy Simplifier fly panel:
- To add an Alert as a Policy rule, make changes to the Policy Rule (on the right), select the rule, and drag and drop it onto the relevant Policy and stack (in the left pane with the list of Policies and stacks). Do this for all rules you selected from the Alerts > Summary page.
- For an Alert that is generated for the same path with multiple MD5s or commands, enable the switches next to the MD5s or commands to include them in the rule you are adding to the Policy.
- Optionally, click the 3-dot menu and click View Related Alerts to see all the Alerts generated for the files/processes related to the MD5s you selected to override.
- Optionally, if you decide you do not want to convert an Alert to a rule, click the 3-dot menu for that Alert/rule and click Delete from List to remove the rule from the Policy Simplifier fly panel view.
- Ensure that you move all Alerts/rules to a relevant Policy (Unassigned = 0 (zero) in the left pane) and click Save Policy. Do this for all Policies and save them one by one.
- Optionally, click Push after Save to push the new rules to the hosts that use the Whitelist Policy.
After you save the Alerts as rules in the Policies, the Alerts that you converted to rules do not appear in the Alerts list, on the Alerts > Summary page.
Use Trust Alerts to override MD5s of files
On the Alerts > Summary page, select one or more 'Unknown' Trust Alerts (Alert Category = Trust AND Trust = Unknown), click MD5 Override (in the floating panel at the top), and override the MD5s of the files that generated these Trust Alerts.
Do the following on the Policy Simplifier fly panel:
- To override an MD5, select one of the following Trust values (High Risk, Medium Risk, Low Risk, or Good) from the Trust column.
- Search the Alerts you selected by the MD5s, filenames or file paths that generated them, using the Search box (located at the top of the Policy Simplifier fly panel).
- Optionally, enter the VirusTotal link for the file/process in the Reference Link text box, together with a short description of the override.
- Optionally, click the 3-dot menu and click View Related Alerts to see all the Alerts generated for the files related to the MD5s you selected to override.
After you override and save the MD5s, the Alerts for which you overrode the MD5s no longer appear in the Alerts list on the Alerts > Summary page. Alerts may still be generated in the future for the MD5s you overrode, depending on the AutoTrust settings in the related Policies.
File protect and USB protect policies on Linux hosts
On the Policies page, click Policy Settings and enable the USB Protect and File Protect features for Linux-based Xprotect Policies. The USB Protect and File Protect features only work with XProtect's Linux driver versions.