Antivirus Whitelist Recommendations


John Petro

Aug 14, 2023, 11:21:09 AM
to ansible...@googlegroups.com
Good Morning,
I am running into an issue that seems to be turning into a game of whack-a-mole. Our org uses SentinelOne for server antivirus, and it keeps flagging various Python scripts, which I know are valid scripts for the modules that are running at the time they get flagged. I didn't see any whitelisting recommendations for antivirus software, so I was just curious if anyone has run into this and how you got around it. I was thinking of just whitelisting anything that has AnsiballZ*.py, but I am not sure if this will cover everything or not.

Any guidance folks have would be greatly appreciated.

--John

Abhisek Dash

Aug 15, 2023, 1:56:10 PM
to ansible...@googlegroups.com
Hi,

I faced the same problem, although with a different antivirus solution.

The key here is to identify the task that the AV solution is flagging as malicious inside a playbook.

To give you an example, in my case a task was flagged where I was trying to access registry values in Windows. So I tried to get the same information through PowerShell commands instead of querying the registry.

In your case you may need to rewrite the playbook to sort of fly under the radar of your AV solution.
