I added an application to blocklist. Ensured malware protections and blocklist are enabled for the policy. Even after hours of adding, I'm still able to run the application.
What version of Agent are you running? Is it possible one of these bugs is affecting you?
- [BUG] Multiple user blocklist hash types can't be used together · Issue #164374 · elastic/kibana · GitHub
- [BUG] Hash based user blocklist entries are not sent to Endpoint in lowercase · Issue #164373 · elastic/kibana · GitHub
- [SecuritySolution] Windows blocklist paths should be case-insensitive · Issue #158581 · elastic/kibana · GitHub
Thanks ferullo
Seems like our issue is due to the first bug - multiple user blocklist hash types can't be used together. When we tried with a single hash, it worked fine.
Thanks & Regards
Krishna