Block List

Block List prevents the execution of potentially harmful or unauthorized files on the system. To implement this feature, enable the Block by File Hash toggle; EDR sends the download of a hash-based manifest to the agent. Thus, when a user executes a file or process, and if its hash matches any of the entries in the manifest, the agent blocks the file or process.

Perform the following steps from the Configuration tab to enable Block by File option:

Before uploading a file, ensure that hash values are line-separated.
For example:
hash 1
hash 2
hash 3

1. Navigate to Block List and enable Block By File Hash.
2. Add the sha256 hash and click Add. 
3. Click Save.
   
   The following screenshot is an example of a process's SHA256 added to the Block List:
   
   
   Additionally, the agent sends a `hashblocked event` to the server, which provides information about the blocked file or the process and the action executed. The following screenshot is an example of the list of hash-blocked events in the Hunting tab:
   
   
   If you try to execute a blocked application from the command line prompt, the command line displays "Access is denied" message. The following screenshot is an example of the command line prompt: