Creating a process override

Overrides allow you to identify files and processes that should be allowed or blocked regardless of a Policy's rules.

To create an override for a file shown in the process tree:

1. In the process tree, click a process.

2. In the Process Details pane, click Create Override.

3. In the Create Override dialog box that opens, enter the following information:

   • Select one of the following Allow/Block options:

     • Allow - File Overrides allow a file to execute, regardless of the file's cloud classification.

     • Block - File Overrides block a file from executing, regardless of the file's cloud classification.

   • Select an Override Type to specify whether the file should be identified by its folder/file location or by its MD5 hash value.

     • Folder/File

       • You cannot block based on folders/files; you can only allow folders/files.

       • In the Folder box, type an absolute file path or a file path using a system variable (such as %SystemDrive%) to be specified. Type % to see a list of supported variables.

       • In the File box, type a specific file name or a wildcard. If left blank, all files in the specified folder will be allowed.

       • Select the Include Sub-Folders check box to include subfolders of the specified path.

       • Select the Detect if Malicious check box to detect and remediate the file according to the assigned Policy. Monitoring and journaling are disabled. When this check box is cleared, the detect and remediate Policy settings do not apply to the file.

   • In the Name box, type a name for the override.

   • For Scope, click Global to specify that the rule should apply to all Sites that are configured to include Global settings, or click Site to include just the selected Site.

     • If you select Site, you can associate the override with a Policy, which can be applied to individual Sites, Groups, or devices.

   • Select the Associate with policy check box to apply this override to a default or saved policy.