Technical Support

Need help?

 

How to configure the Authorized software settings in Adaptive Defense products

Information applies to:

Products
Panda Adaptive Defense 360 on Aether Platform
Panda Adaptive Defense on Aether Platform

In Hardening and Lock modes of the Advanced Protection, Adaptive Defense 360 prevents the execution of programs that are unknown by Panda intelligence until they are classified. This situation may create delays for users, above all when the network administrator knows the source of the program and the reason why it has been blocked, for example:

  • Specific niche programs with very few users.
  • Programs that update automatically from the vendor's website without user interaction.
  • Programs whose functions are distributed across hundreds of libraries which are loaded in memoryand therefore blocked as and when they are used by the user from program menus.
  • Programs operating on a client-server model, where the client side is hosted on a shared network resource.
  • Polymorphic software which dynamically generates executable files.
Authorized software and exclusions
In Adaptive Defense 360 there are three features to prevent blocking of programs:

  • Using excluded files and paths: prevents certain items or areas on the computer from being scanned. Unknown software won't be prevented from running. This, however, could represent a security hole and is not recommended for use except where there are problems with the computer's performance.
  • Unblocking programs in the process of classification: temporarily allows blocked programs to run but with a reactive approach: the administrator cannot unblock a program unless it has first beenblocked. As certain software can consist of several components, and each of them may have to be unblocked individually, the cycle of blocking and unblocking can take some time.
  • Configuring authorized software: proactive unblocking of unknown programs in the process of classification. The administrator can assign settings for programs from a known source which can be used provided no risk is detected. This is the recommended method for unblocking programs.
IMPORTANT:
The Authorized software module enables you to approve the execution of executable binary files, excluding script files, standalone DLLs, and other files. If Panda Adaptive Defense 360 blocks a program because it loads an unknown DLL, authorize the executable file specified in the pop-up message shown on the user?s computer. After the programis authorized, all DLL files and resources it uses are also allowed.

Authorized software settings
Accessing the settings
  • Click the Settings menu at the top of the console, then Authorized software in the side menu.
  • Click Add to open the Add settings window.
    Note: Authorized software settings can only be assigned to Windows servers or workstations.

Required permissions

PermissionAccess type
Configure authorized softwareCreate, edit, delete, copy, or assign authorized software settings.
View authorized software settingsView the authorized software settings.


Authorized software module functions
Network users will be able to run unknown software which is in the process of classification as long as the network administrator has permitted it by using an authorized software rule. Once it has been analyzed, Adaptive Defense 360 classifies the program (goodware or malware). If the program represents a threat, it will be blocked regardless of whether it appears in the authorized software settings.

Authorized software module settings
Authorized software settings consist of one or more rules, each of which refers to a single software component or family of programs which Adaptive Defense 360 will allow to run even though it has been blocked because its classification is not yet known.

Creating an authorized software rule:

Click the "+" Authorize programs link to create a rule with the information shown below, and then click Authorize:

FieldDescription
NameRule name.
MD5MD5 hashes of the files AD360 will allow to run.
Product nameThis is the Product name field from the header of the file to be unblocked. To get this value, right-click the program and select Properties, Details.
File pathPath of the program on the server or workstation. System environment variables are accepted. Authorized software exclusions do not exclude any sub-directories within an excluded directory.You must specify each file path.
File nameFile name. Wildcards * and ? are accepted.
File versionThis is the Version field from the header of the file to be unblocked. To get this value, right-click the program and select Properties, Details.
SignatureThis is the digital signature of the file.

Deleting an authorized software rule:
  • Click the trash icon to the right of the authorized software rule to delete.
  • Click Save in the top right of the screen to save the newly edited authorized software settings.
Editing an authorized software rule:
  • Click the name of the authorized software rule. The Authorize programs window appears.
  • Edit the rule properties and click Authorize.
  • Click Save in the top right of the screen. The authorized software settings will be updated.
Copying an authorized software rule:
  • Click the Copy icon to the right of the authorized software rule to copy. The Authorize programs window appears. The Name contains the name of the rule with the prefix Copy of.
  • Edit the rule properties and click Authorize.
  • Click Save in the top right of the screen. The authorized software settings will be updated.

Calculating the MD5 of one or more files
There are many tools available to calculate the MD5 of a file. In this section, the PowerShell tool in Windows 10 is used.

  • Open the folder containing the files, click the File menu of the file explorer and click Open Windows PowerShell. A window with the command line appears.

  • Enter the following command and replace $file with the file path. Wildcards * and ? are accepted.
    PS c:\folder> Get-FileHash -Algorithm md5 -path $files
  • To copy the MD5 hashes to the clipboard, press the key Alt and without releasing, select the hashes with the mouse pointer. Then press Control + c.
  • To paste all the MD5 hashes from the clipboard to the Adaptive Defense 360 console, click the MD5 field of the authorized software rule and press the keys Control + v.
  • Click Authorize and then Save in the top right of the screen. The authorized software settings will be updated.

Getting the thumbprint of a signed program

  • Right-click the file and select Properties from the context menu.
  • In the Properties window, select the Digital signatures tab.
  • In the Signature list, select the signature and click Details. The Digital signature details window appears.
  • In the Digital signature details window, select the General tab and click View certificate. The Certificate window opens.
  • In the Certificate path, click the Certification path tab and check that the final node of the certification path is selected.
  • In the Certificate window, click the Details tab and select the field Thumbprint.
  • Select the character string from the text box displayed and press the keys Control + c to copy it to the clipboard.
  • Click the Signature field of the authorized software rule and press the keys Control + v to paste the thumbprint to the Adaptive Defense 360 console.
  • Click Authorize and then Save in the top right of the screen. The authorized software settings will be updated.

Help nº- 20231027 700104 EN
ALWAYS ONLINE TO HELP YOU TWITTER FORUM
ALWAYS ONLINE TO HELP YOU TWITTER FORUM