Configure Authorized Software Settings (Windows computers)

Applies To: WatchGuard EPDR, WatchGuard EDR

In an authorized software settings profile, you can configure settings to authorize software or a family of software that you want to allow to run before it is classified. For example, when you know the source of the program and the reason why it has been blocked, you can unblock the program. Examples of programs you might want to unblock include:

  • Specific niche programs with very few users
  • Programs that update automatically from the vendor website without user interaction
  • Programs with functions distributed across hundreds of libraries which are loaded in memory and therefore blocked as and when they are used by the user from program menus
  • Client-server model programs, where the client side is hosted on a shared network resource
  • Polymorphic software which dynamically generates executable files

Authorized software settings can only be assigned to Windows servers or workstations.

Screen shot of WatchGuard Endpoint Security, Authorized Software settings

After a program has been analyzed, WatchGuard Endpoint Security classifies the program as goodware or malware. If the program represents a threat, it is blocked regardless of whether it was authorized in these settings.

To configure authorized software settings:

  1. From the top navigation bar, select Settings.
  2. From the left pane, select Authorized Software.
  3. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.

    The Add Settings or Edit Settings page opens.
  4. Enter a Name and Description for the profile, if required.
  5. To create a new rule, click Authorize Programs.
    The Authorize Programs dialog box opens.

Screen shot of WatchGuard Endpoint Security, Authorize Programs dialog box

  1. To specify the program executable with an MD5 hash code, select MD5.
  2. In the text box, type MD5 hashes for the program you want to add.
    For more information, see Calculate the MD5 of One or More Files
    .
  3. To specify the program you want to add via program properties, select Program Properties.
    • Signature – SHA-1 digital signature of the file. For more information, see Get the Thumbprint of a Signed Program.
    • Product Name – Product name value from the header of the file you want to unblock. To see the product name, right-click the program file and select Properties > Details.
    • File  Path – Path of the program on the server or workstation. Environment variables are accepted.
    • File Name – The name of the file you want to unblock. Wildcards * and ? are accepted.
    • File Version – Version from the header of the file you want to unblock. To see the version, right-click the program file and select Properties > Details.
  4. Click Authorize.
  5. Click Save.
  6. Select the profile and assign recipients, if required.
    For more information, see Assign a Settings Profile.

See Also

Manage Settings Profiles

Exclude Files and File Paths from Scans

Advanced Protection – Operating Modes (Windows computers)