Apply an Override

The documentation below describes the current Alert Logic console, which was recently updated. This version will be phased out in early 2020. For more information about the new Dashboards navigation, see Managed Detection and Response Navigation Menu Updates.

Alert Logic Extended Endpoint Protection uses a combination of machine-learning attribute analysis and dynamic behavior analysis to identify and block malware. If Alert Logic blocks a program that you want to approve, you can apply an override. Overrides prevent a protection indicator from blocking a specific file path or file hash.

Manage overrides

When you create an override, you add an exception to the protection logic. The exception operates at either the file path or the file hash level, depending on when Alert Logic blocked the program. Creating an override allows flexibility when needed without compromising your protection.

To create an override:

  1. Browse to the Events page under the Extended Endpoint Protection tab.
  2. Select the event grouping in the list, and then click Override.
  3. A check mark icon appears next to the incident grouping, indicating that no more incidents will appear on any endpoint that checks into the portal.

To remove an override:

  1. Browse to the Events page under the Extended Endpoint Protection tab.
  2. Select the override you want to remove in the list, and then click Edit.
  3. Click Remove Override(s).