Custom Allowlist & Blocklist

After selecting Account Settings or a single Device, you can now navigate to the Custom Allowlist or Custom Blocklist tab in the sub sidebar. In this example, we will utilize the Custom Allowlist feature. To add an item to the local allowlist, simply choose either MD5, Digital Signature Thumbprint, or File Path from the dropdown menu.

File Hash

The MD5 is a unique hash value for each individual file. By adding an item to the allow list using its MD5 hash, you can ensure that this specific file will consistently run on the devices within the specified level of permission.

Certificate

Enabling the utilization of a Digital Signature will grant permission for the execution of all files that have been signed by said signature. This feature proves beneficial for individuals or organizations engaged in internal software development or for those experiencing restrictions from PC Matic in relation to a specific publisher. Enter the thumbprint (fingerprint) associated with the desired signature.

File Path

This feature should be used with caution. Allowing an entire folder path will let anything run from within that folder. This will decrease your overall security posture.

If deemed absolutely necessary, specific folders can be added to the allowlist. Any folder or file located below the designated path will be granted execution privileges, even if the file is unknown.

Script

If you are utilizing or developing custom scripts that are being blocked by PC Matic, you can facilitate their execution by including them in the allowlist. This can be accomplished by adding the respective Command Line Arguments and providing a description for each script.

Options

  • Export to Excel - Export your Custom Allowlist to an Excel spreadsheet.
  • Show Known Goods - By default, files classified as Known Good by PC Matic are hidden from the list. Check the box to show them.

Bulk Upload

You can upload a CSV file with multiple items to be added to your allowlist or blocklist. The CSV upload feature supports adding files by MD5, Digital Signature Certificates, File Paths, and Scripts. You can download a sample CSV upload template to ensure correct formatting of the file for upload. To upload your CSV, click the Upload File button and select your file. The file will then be Processed and the page will display the files to be added to your allowlist or blocklist.

Properly formatted items will have a green checkmark and are automatically added to the allow/block list. You can click the Refresh SuperShield List button to see the updated list with your imported items.

Incorrectly formatted items will display a red alert icon. These items will not be imported. You can then click the Confirm button to import just the valid entries, or select the button to reupload a file with corrected data.

Populate Button

You can use the Populate Allowlist button to add all files that have run in a environment to the Custom Allowlist. (MSPs: This button is accessible when viewing the Custom Allowlist at the Customer level.)

The first time you use the Populate Customer Allowlist button, all files that have run in the past 24 hours on all endpoints for that customer will be added to their Custom Allowlist. Using the Populate Company Allowlist button in the future will add all files allowed to run since the previous time the button was used.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles