Configure the Avert Library Item

By Emalee Firestein

Learn how to configure and deploy the Avert Library Item

Add an Avert Library Item to your Library

  1. In the left-hand navigation bar, navigate to Library.
  2. In the upper right corner, click the "+ Add new" button.
  3. Scroll to Endpoint Security and select Avert.
  4. Click the Add & Configure button.
  5. Give the Avert Library Item a Title. Use the title to differentiate this Library Item from other Avert Library Items.
  6. Assign this Library Item to Blueprints containing devices you would like to target.

Configure General Settings

Configure the individual Malware and PUP posture mode preferences for your environment.

  1. Specify the desired posture setting for Malware.
  2. Specify the desired posture setting for PUP.
NOTE: Detect mode will scan and report known malicious items. Protect mode will scan, report and automatically quarantine known malicious items.

Configure Allow and Block lists

Allow and Block lists can be used to ensure that specific files or applications are always allowed or blocked in your environment regardless of whether or not a file or application is known to be malicious in Kandji Avert's threat feeds.

  1. Click the  "Add item" button.
  2. Give the item a Name.
  3. Specify the item type Hash or Path for the file or application.
  4. If Path was selected, enter the application or file path. If Hash was selected, enter the file hash.
  5. Select Allow to allow a file or application. Select Block to block the file or application.
  6. Click Add to add the item to the Allow and Block list. Optionally, select the "Add another item" checkbox in the lower-left corner prior to clicking the Add button to add additional items.
  7. Click the Save button to save the Avert Library Item to your library.
Block items are considered Malware and require the Malware posture to be in Protect mode to be blocked on the device.
The Hash item type is only supported for files. The Path item type is supported for both files and applications.
The following command can be used in Terminal to determine the SHA256 hash value of a file.
shasum -a 256 /path/to/file

Next Steps

Please see the Endpoint Detection & Response - Testing Malware Detection support article to see EDR in action.