Currently in SEP 12.1.4, I am unable to add a file in the exception policy area, Application to Monitor, unless it ends in .exe. This is preventing me from whitelisting the hash for a custom .scr file we created. Adding a hash to either be whitelisted or terminated is a great feature, but the current use of it is very cumbersome and in my case unusable.
My suggestion is to allow other application extensions such as the types that are available to me after being detected by SEP as it is "learning applications" like .msi, .scr, .com, and .htm. Our .scr file was picked up and quarantined by SONAR and may have various file paths, so excluding by hash is the best option, but I am unable to do so.
Ideally, the enhancement to SEP wouldn't be to simply allow other extensions to be "monitored"; it would also allow the straight hash to be entered. This way, the "monitor" time could be skipped and the file could be added more quickly when excluding files (or terminating/quarantining, which the policy also has an option for).