I need to allow a screen capture/keylogger component of some software we use to function.
The software records phone calls and matches them with key strokes and screen captures for customer service management.
This software uses \WINDOWS\System32\Drivers\PHW2KSYS.SYS.
CSA keeps setting the hosts to Rootkit Untrusted.
I have created a rule to reset the hosts to Trusted, but would rather address this at the source.
The Wizard allwed me to set the hosts to Trusted, but only uses the module hash.
Is there a way I can tell the MC that this file (and probably others to follow)should be allowed?