What's the best practice for dealing with false positives with regard to App Rules.
For example, we have an application that runs out of the 'AppData' directory and is unsigned. Because of this the Respond module continually alerts that it thinks that something is malicious and triggers a rule from the Endpoint Bundle.
I have a list of file hashes that are clean and not malicious that I want to 'allowlist' from these types of alerts.
I don't want to remove the meta completely from the system but I also don't want to these alerts to keep triggering.
What are my options here and what is the 'best course of action' for this case.