Allowed File Types Policies
If a ransomware attack is detected for a known file extension, and alerts are being generated on the Alerts screen, then that file extension can be added to an allowed file types list to prevent unnecessary alerting.
Navigate to Workload Security > Policies and go to the Allowed File Type Policies tab.
Once added to the allowed file types list, no ransomware attack alert will be generated for that allowed file type. Note that the Allowed File Types policy is only applicable for ransomware detection.
For example, if a file named test.txt is renamed to test.txt.abc and Workload Security is detecting a ransomware attack because of the .abc extension, the .abc extension can be added to the allowed file types list. After being added to the list, ransomware attacks will no longer be generated against files with the .abc extension.
Allowed File Types can be exact matches (e.g., ".abc") or expressions (e.g., ".type", ".type", or "type"). Expressions of types “.a*c”, “.p*f” are not supported.