Configuring the Avert Library Item

By Emalee Firestein

Learn how to configure and deploy the Avert Library Item

The Endpoint Detection & Response add-on is required to use this Library Item.

Add an Avert Library Item

  1. Navigate to Library in the left-hand navigation bar.
  2. Click Add New on the top-right, and choose Avert.
  3. Click Add & Configure.
  4. Give the new Avert Library Item a Name.
  5. Assign to your desired Assignment Maps or Classic Blueprints.

Configure General Settings

Configure the individual Malware and PUP posture mode preferences for your environment.

  1. Specify the desired posture setting for Malware.
  2. Specify the desired posture setting for PUP.

Detect mode will scan and report known malicious items. Protect mode will scan, report and automatically quarantine known malicious items.

User Alerts

When turned on, user alerts will notify end users when EDR has quarantined Malware or PUPs on their Mac computers. User alerts are turned on by default but can be turned off to suit certain workflows.

  1. Click the toggle switch next to Notify Users to turn user alerts on or off.

End users can view a list of files quarantined on their Mac computers by opening Self Service and clicking on Quarantine from the left-hand navigation menu.

Configure Allow and Block lists

Allow and Block lists can be used to ensure that specific files or applications are always allowed or blocked in your environment regardless of whether or not a file or application is known to be malicious in Kandji Avert's threat feeds.

Block items are considered Malware and require the Malware posture to be in Protect mode to be blocked on the device.

  1. Click the "Add item" button.
  2. Give the item a Name.
  3. Specify the item type Hash or Path for the file or application.
  4. If Path was selected, enter the application or file path. If Hash was selected, enter the file hash.
  5. Select Allow to allow a file or application. Select Block to block the file or application.
  6. Click Add to add the item to the Allow and Block list. Optionally, select the "Add another item" checkbox in the lower-left corner prior to clicking the Add button to add additional items.
  7. Click the Save button to save the Avert Library Item.

Determine Hash Value

The Hash item type is only supported for files. The Path item type is supported for both files and applications.

The following command can be used in Terminal to determine the SHA256 hash value of a file.

shasum -a 256 /path/to/file

View Edit Details in the Avert Library Item

You can audit changes to the Avert Library Item in the Activity tab of the Library Item or the Global Activity section of the Kandji Web App. This will show what configurations were changed, what the previous state was, and who made the change.

  1. Click on Activity in your Avert Library Item or the left navigation menu.
  2. Select the disclosure triangle next to Library Item Edited for the entry you'd like to review.

Next Steps

Please see the Endpoint Detection & Response - Testing Malware Detection support article to see EDR in action.