Antivirus Whitelist Recommendations

jcpetro · August 14, 2023, 3:20pm

Good Morning,
running into an issue, which seems to be turning into a game of whack-a-mole. Our org uses SentinelOne for server antivirus, and it keeps flagging various python scripts, which I know are valid scripts for the modules that are running at that time they get flagged. I didn’t see any whitelisting recommendations for Antivirus software, so was just curious if anyone has run into this and how you got around it. I was thinking of just having whitelist anything that has AnsiballZ*.py but I am not sure if this will cover everything or not.

Any guidance folks have would be greatly appreciated.

–John

Abhisek_Dash · August 14, 2023, 5:31pm

Hi,

I faced the same problem although with a different Antivirus solution.

The key here is to identify the task that the AV solution is flagging as malicious inside a playbook.

To give you an example, in my case a task was flagged where I was trying to access registry values in Windows. So I tried to get the same information through powershell commands instead of querying the registry.

In your case you may need to rewrite the playbook to sort of fly under the radar of your AV solution.

Topic		Replies	Views
Securely running scripts via ansible on Windows/false positives Get Help windows	2	426	November 1, 2023
Looking to replace AV on Windows Servers using Ansible Ansible Project windows	0	1	May 3, 2022
Running Ansible on a whitelisted system Ansible Developer	1	1	January 10, 2019
Greetings to all! Social Space collections , windows , aws	2	181	December 18, 2023
Using win_regedit to harden Windows server ciphers Ansible Project windows	3	1	July 21, 2016

Antivirus Whitelist Recommendations

Related topics