Whitelisting a Threat

Any threat detected or blocked by ThreatResponder service on your computer will be displayed in the Threats section.

Whitelisting a process means that you mark it as a false positive. That means that the next time the process is executed, it will no longer be blocked o detected.

Instructions

1. To whitelist a threat, go to the Threat Activity section.

A calendar and filters by endpoints, detection engine and triggerd by, are provided there so you can find the threats you want faster.

• Click on the Calendar and select a time range for the Threat Activity list. Click on Apply.
  
• Click on Filter by Endpoint and select an endpoint
  

2. Select the threat that you want to whitelist and click on the Actions button. This button will only be displayed for Blocked threats. Click on Don't detect this process next time.

Click on YES when asked if you want to mark the process as a false positive.

The status of the threat will change from Blocked to Whitelisted.