Create a list

Complete these tasks to create a list.

Block lists

Block lists are used to define whether a policy should block access or monitor access when users make requests to outside resources.

These are the types of block lists:

  • Custom lists. Defines known and suspected domains and/or IP addresses that you want to block or monitor, or domains and URLs that you want to block or monitor.

  • Top-level domain lists. Defines country-code top-level domains (ccTLD) and generic top-level domains (gTLD).

  • File hash block lists. Defines the hashes of files that you want ETP to block.

  • URL block lists. Defines URLs that you want to block or monitor.

Add a custom list

Use a custom list to define known and suspected IPs and domains. You need to be an ETP administrator to perform this task.

To add a custom list:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the plus sign icon (IMAGE_STUBIMAGE_STUB) and select New Custom List.

  3. Complete the Name and Description fields.

  4. Select a Category:

    • Malware. Domains and IP addresses of known or suspected malicious malware.

    • Phishing. Domains and IP addresses of known or suspected phishing websites that gather user credential information.

    • C&C. Domains and IP addresses used by malicious C&C servers.

    • DNS Exfiltration. Domains and IP addresses that serve as a communication channel over DNS. This channel may be used to steal sensitive data or circumvent traditional access restrictions by allowing malware to communicate outside the network.

    • Other. Domains or IP addresses that are not associated with a specific threat category.

  5. To add known or suspected domains and IP addresses:

    1. Go to the tab that corresponds to the domain or IP address you are providing. For example, if you want to enter a known domain, go to the Known Domains tab.

    2. In the provided field, enter the domain or IP address.

    3. Repeat these steps for all the known and suspected domains or IP addresses that you want to provide.

  6. If you want to use a text file to specify multiple domains or IPs, see Configure and upload a custom list text file.

  7. Click Save. If you want to save and deploy the list, click Save and Deploy.

Next steps

  1. Assign the custom list to a policy. For instructions, see Add a block list to a policy.

  2. If you haven't deployed the list, deploy it to the ETP network. For instructions, see Deploy configuration changes.

Add a top-level domain list

An ETP administrator can create a top-level domain list. Each top-level domain that you provide is added to the quota for list entries.

  • You cannot create a top-level domain list that contains the com, org, and net top-level domains.

  • You cannot select a category for a top-level domain list. By default, this list is assigned to the Other category.

To add a top-level domain list:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the plus sign icon (IMAGE_STUBIMAGE_STUB) and select New Top Level Domains List. The page to configure a top-level domains list appears.

  3. In the Name field, enter a name for the list.

  4. In the Description field, enter a description for the list.

  5. In the provided field, enter a top-level domain. Make sure to omit the dot before the top-level domain.

  6. If you want to upload a text file to specify multiple entries, see Configure and upload a top-level domains list text file.

  7. Click Save. If you want to save and deploy the list, click Save and Deploy.

Next steps

  1. Assign the list to a policy as described in Add a block list to a policy.

  2. If you haven't deployed the list, deploy it to the ETP network. For instructions, see Deploy configuration changes.

Add a file hash block list

You can create a list that contains the hashes of files you want to block.

You must be an ETP administrator to perform this task.

If you need to generate a hash for a file, see Generate a hash value.

To add a file hash block list:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the plus sign icon (IMAGE_STUBIMAGE_STUB) and select New File Hash Block List.

  3. In the List Name field, enter a name for the list.

  4. In the Description field, enter a description for the list.

  5. In the provided field, enter or paste the file hashes. Make sure you enter each hash in SHA-256 and it's formatted with 64 hexadecimal characters.

  6. Click Save. If you want to save and deploy the list, click Save and Deploy.

Next steps

  1. Add the file hash list to a policy. For instructions, see Add a block list to a policy.

  2. If you haven't deployed the list, deploy it to the ETP network. For instructions, see Deploy configuration changes.

Add a URL block list

You can create a URL block list containing one or more URLs and add it to a policy. When you add it to a policy you can specify the policy action to perform when users make requests to the URLs.

You must be an ETP administrator to perform this task.

To add a URL block list:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the plus sign icon (IMAGE_STUBIMAGE_STUB) icon and select New URL Block List.

  3. Enter a list name and description.

  4. In the Enter URLs area, enter one or more URLs that you want ETP to block or monitor. For more information, see Specify URLs in lists.

  5. If you want to use a text file to specify multiple URLs, see Configure and upload a URL block list or URL exception list text file.

  6. Click Save. If you want to save and deploy the list, click Save and Deploy.

Next steps

  1. To add the URL block list to a policy, see Add a block list to a policy.

  2. If you haven't deployed the list, deploy it to the ETP network. For instructions, see Deploy configuration changes.

Add a block list to a policy

Before you begin

If you plan to assign users and groups that can access blocked websites in a custom list, make sure you complete these configuration steps in the policy settings.

  1. Enable ETP Proxy.

  2. Select Require or Optional as an Authentication Mode.

  3. Associate an IdP to the policy.

For more information, see Require authentication to access a website or web application.

To associate a list with a policy, you add the list to the policy. You need to be an ETP administrator to perform this task. If you are a delegated administrator or a strict delegated administrator, you can modify the policy you created or the policies that you are allowed to access.

To add a block list to a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. If you are modifying an existing policy, click the name of the policy that you want to edit.

  3. Click the Custom Lists tab.

  4. Click the Block Lists tab, then:

    1. Click the chain icon (IMAGE_STUBIMAGE_STUB) to the right of the block list type you want to add to the policy.

    2. In the window that displays, select one or more lists and click Associate.

    📘

    All Block lists added to a policy are assigned the Monitor action by default.

  5. To change a list's Action value to Block, expand the rows on the Block Lists tab until you see the specific Block list. Click the Action value and select Block. You can select one of these options as the response to a user:

    • Error Page. You can show an ETP error page to the user. If you select this option, you can also select a Security Connector when it’s configured as a sinkhole. For more information about Error pages, see Customize error pages. For more information about Security Connector, see Security Connector as a DNS sinkhole.
    • Any custom response. You can select a specific custom response to direct traffic for this list to a custom response.
    • Refused Response. You can show a browser-specific error message. This option is available only if ETP Proxy is enabled.
  6. If you assigned the block action to a custom list and you want to configure specific users and groups that can access known or suspected threats in a list, complete these steps:

    1. In the Exceptions column for a list, click the link icon.

    2. In the Groups tab, select a group or groups.

    3. In the Users tab, search for the users and select a user or multiple users. If the user you searched for is not in the search results, you can click the add icon to add the user to the selected list.

    4. Click Associate.

  7. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps

If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.

Exception lists

Exception lists are used to define the specific traffic and file hashes that you don’t want scanned by ETP or ETP Proxy. If ETP Proxy is enabled, the proxy does not scan the domains, IP addresses, URLs, or file hashes in exception lists. By default, when a user associates an exception list to a policy, it's assigned the bypass policy action.

These are types of exception lists:

  • Custom exception lists. Specifies domains and IP addresses that are bypassed by ETP policy. If ETP Proxy is enabled, these domains and IP addresses are bypassed by the proxy.

  • File hash exception lists. Specifies the hashes of files that you don't want scanned by ETP Proxy.

  • URL exception lists. Specifies one or more URLs that you don't want the ETP Proxy to scan.

Add a custom exception list

A custom exception list contains the domains and IP addresses that bypass ETP and go directly to the origin. Each domain or IP address that you provide is added to the quota for list entries. Like any custom list, you can associate an exception list with a policy.

You need to be an ETP administrator to perform this task.

To add a custom exception list:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the plus sign icon (IMAGE_STUBIMAGE_STUB) and select New Custom Exception List.

  3. Enter a name and description.

  4. Click the Exception List IPs tab and enter one or more IP addresses that you want directed to the origin.

  5. Click the Exception List Domains tab and enter one or more domains that you want directed to the origin.

  6. If you want to upload a text file with multiple domains or IP addresses, see Configure and upload a custom exception list text file.

  7. Click Save. If you want to save and deploy the list, click Save and Deploy.

Next steps

  1. Assign the custom exception list to a policy as described in Add an exception list to a policy.

  2. If you haven't deployed the list, deploy it to the ETP network. For instructions, see Deploy configuration changes.

Add a URL exception list

You can create a URL exception list that specifies one or more valid URLs. When a URL exception list is added to a policy, ETP will bypass security when users make requests to any of the specified URLs.

You must be an ETP administrator to perform this task.

To create a URL exception list:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the plus sign (IMAGE_STUBIMAGE_STUB) icon and select New URL Exception List.

  3. Enter a name and description.

  4. In the space provided, enter one or more valid URLs that you do not want ETP Proxy to scan. See Specify URLs in lists for more information.

  5. If you want to use a text file to add multiple URLs, see Configure and upload a URL block list or URL exception list text file.

  6. Click Save. If you want to save and deploy the list, click Save and Deploy.

Next steps

  1. To add the URL exception list to a policy, see Add an exception list to a policy.

  2. If you haven't deployed the list, deploy it to the ETP network. For instructions, see Deploy configuration changes.

Add a file hash exception list

You can specify the hashes of files that you don’t want scanned by ETP Proxy.

If you need to generate the hash for a file, see Generate a hash value.

You need to be an ETP administrator to perform this task.

To create a file hash exception list that you can assign to a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the plus sign icon (IMAGE_STUBIMAGE_STUB) and select New File Hash Exception List.

  3. In the List Name field, enter a name for the list.

  4. In the Description field, enter a description for the list.

  5. In the provided field, enter or paste the file hashes. Make sure you enter each hash in SHA-256 and it's formatted with 64 hexadecimal characters.

  6. Click Save. If you want to save and deploy the list, click Save and Deploy.

Next steps

  1. Add the file hash list to a policy. For instructions, see Add an exception list to a policy.

  2. If you haven't deployed the list, deploy it to the ETP network. For instructions, see Deploy configuration changes.

Add an exception list to a policy

If you want to associate a list with a policy, you need to add the list to the policy.

You need to be an ETP administrator to perform this task. If you are a delegated administrator or strict delegated administrator, you can modify the policy you created or the policies that you are allowed to access.

To add an exception to a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. If you are modifying an existing policy, click the name of the policy that you want to edit.

  3. Click the Custom Lists tab.

  4. Click the Exception Lists tab, and do the following:

    1. Click the chain icon (IMAGE_STUBIMAGE_STUB) to the right of the exception list type you want to add to the policy.

    2. In the window that displays, select one or more exception lists and click Associate.

      📘

      All exception lists added to a policy are assigned the Bypass action. This cannot be changed.

    3. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps
If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.

Generate a hash value

If there are files that you don't want scanned by ETP Proxy, you can add the hash value of these files to a file hash exception list. Files that are included in a file hash exception list automatically bypass ETP Proxy. You can also add hash values to a file hash block list.

Depending on the operating system, complete this procedure to generate a hash value that you can copy to a file hash list:

On Windows:

  1. Open a PowerShell window.

  2. Change directories to the location where the file is located.

  3. Enter this command:

    get-FileHash [filename] -Algorithm SHA256

    where [filename] is the filename.

Next steps

Copy the hash value to a file hash exception or block list. To create a file hash exception list or a file hash block list, see Add a file hash exception list or Add a file hash block list.

On Mac:

  1. Open a terminal window.

  2. Enter this command:

    shasum -a 256 <fileLocation>

    where <fileLocation> is the full path of the file. You can also drag and drop the file to the terminal window.

Next steps

Copy the hash value to a file hash exception list or block list. To create a file hash exception list or a file hash block list, see Add a file hash exception list or Add a file hash block list.


Did this page help you?