Changes

MSSecurityEssentials

189 bytes added, 10:15, 21 April 2010
Cleanup
== White-listing ==
* Soon after installation it can recognise potentially useful software as a threat. For example, if you have UltraVNC installed it will flag up UltraVNC.exe and RealVNC.exe. There's a risk that a user, when prompted, will choose to remove or quarantine such files and so remove the administrator's ability to connect. Administrative users can allow, quarantine or remove suspicious files, whereas Limited users can only remove or quarantine suspicious files. Upon installation, administrators will want to white-list any such programs that should not be considered a threat.
White-listing can be performed manually using: Show details → Recommendation → Select an action → Allow → Apply actions (note that Close means 'don't take any action at this point') → Close - this is saved system-wide.
Once white-listing has been done manually on one machine, it is saved in the registry so can be automated on other machines in any of the usual ways (for example by exporting it to filename.reg then importing it to others using "regedit /s filename.reg"), see the [[Adding_Registry_Settings | registry editing section]].

The following registry keys and values are relevant:
* <code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction</code> This contains a list of signatures which are allowed and the action to perform (for example, 00000006 relates to the action "Allow").
* <code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes</code> This contains exclusion processes.
* <code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths</code> This contains exclusion paths.

Continuing with the above example, to allow RealVNC and UltraVNC the registry file should look like this:
<source lang="reg">
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction]
; Allow RealVNC
; Allow UltraVNC
"16555"=dword:00000006
</source>
Also, to set up exclusion paths and processes, include the following:
<source lang="reg">
; Set an exclusion process for winvnc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
"C:\\Program Files\\UltraVNC\\winvnc.exe"=dword:00000000
 
; Set an exclusion path for winvnc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
"C:\\Program Files\\UltraVNC\\winvnc.exe"=dword:00000000
</source>
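A registry file imported on many machines applies every allow action and exclusion it contains, so it is worth checking against an approved list before rollout. The following is an added example, not part of the original wiki page: a Python check over the three keys named above. The function names, the approved-list parameters and the <code>C:\Users</code> entry in the sample are assumptions made for illustration.

```python
import re

# The three keys and the Allow value come from the page; the baseline is hypothetical.
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"
THREAT_KEY = (BASE + r"\Threats\ThreatIDDefaultAction").lower()
EXCLUSION_KEYS = {(BASE + s).lower() for s in (r"\Exclusions\Processes", r"\Exclusions\Paths")}
ALLOW = 6  # 00000006 is the action "Allow"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{8})$')

def parse_reg(text):
    """Yield (key, value_name, dword) for every dword value in a .reg file."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m is None:  # anything other than a dword value is out of scope here
            raise ValueError(f"unsupported line: {raw!r}")
        # .reg files escape backslashes and quotes inside value names
        yield key, re.sub(r"\\(.)", r"\1", m.group(1)), int(m.group(2), 16)

def review(text, approved_ids, approved_exclusions):
    """Return findings; an empty list means the file matches the approved baseline."""
    approved = {p.lower() for p in approved_exclusions}
    findings = []
    for key, name, value in parse_reg(text):
        if key is None or key.lower() not in EXCLUSION_KEYS | {THREAT_KEY}:
            findings.append(f"unexpected key: {key}")
        elif key.lower() == THREAT_KEY:
            if name not in approved_ids:
                findings.append(f"unapproved threat ID: {name}")
            elif value != ALLOW:
                findings.append(f"threat ID {name} is not set to Allow: {value}")
        elif name.lower() not in approved:
            findings.append(f"unapproved exclusion: {name}")
    return findings

# Constructed sample: entries from the page plus one exclusion nobody approved.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction]
"16555"=dword:00000006
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
"C:\\Program Files\\UltraVNC\\winvnc.exe"=dword:00000000
"C:\\Users"=dword:00000000
'''
if __name__ == "__main__":
    print(review(SAMPLE, {"16555"}, {r"C:\Program Files\UltraVNC\winvnc.exe"}))
```

Run against the sample, the check reports only the unapproved <code>C:\Users</code> exclusion; a file that matches the baseline returns an empty list.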