What is a one sentence summary of your feature request?
Add automatic whitespace trimming to process paths, file info and other fields
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
We periodically add an additional space to the end of a process path or certificate name and this results in the rule not matching our blocked processes, automatically trimming whitespace would resolve this.
We also find that some executables have excessive amounts of whitespace included in their file information, often 10-20 whitespace characters after the file/product name, these all have to be included currently to match correctly which is tedious and likely to introduce errors. Trimming whitespace here would also resolve this issue.
How do you currently solve the challenges you have by not having this feature?
We specifically check for whitespace in process paths and other fields as a first step if a rule isn’t working as expected but this usually means a end client has had their process blocked a second time which looks bad on us.
For file information we choose not to include this if there are any additional spaces in the file name which weaks our security posture, particularly for unsigned EXE we need to approve.
