Local whitelist and predictive whitelisting

If this setting and the Automatically start learning local whitelist setting are enabled, the Linux agent scans the file systems and automatically creates a local hash file at startup if it does not already exist, and uses it as a local whitelist to allow files to be executed if the corresponding file hash is included in the list.

The scan processes all ELF binaries and scripts starting with #! start, in all or in the specified directories configured with the setting Directories learned for local whitelist (Linux).

Limitation:

The Linux agent is not notified of system or software updates, so if updates are made during or after the local whitelist scan, these new hashes are not included in the hash database and cannot be executed unless a new hash scan is started. If the local whitelist is used to whitelist important files of the operating system, it is recommended to disable automatic updates.