Here is a use case. One of our computers is used for demo purposes, and the demo includes uploading a file that knowingly contains a malware and demonstrating that the malware is detected.

We use a specific type of malware: OF97/EicarDrp-A, and we attempted to create a dedicated policy just for this computer that excludes this type of malware. However, this turned out to be impossible. Using a "Potentially Unwanted Application" exclusion type and setting it to "OF97/EicarDrp-A" didn't work. The support engineer advised to use "File or folder" exclusion type (case number 03580697), which is quite insecure (the user can store ANY malware under the whitelisted name, not just the approved OF97/EicarDrp-A).

Please add a possibility to exclude a specific threat from an endpoint policy.