I'm trying for so long to exclude my other EDR + NAC access, but nothing seems to work.
Basically, it's going under these 2 rules:
Remotely accessing local files or folders
Remotely creating or modifying files or folders
Event ID 1092.
ENS is version 10.7.0
I tried going to the Access Protection, and put them inside the exclusions, and also in the rules, by the specific rule and add them to the exclude list.
What else can I do? I went crazy with this.
Something that I noticed in this thread:
My Source file path is "SYSTEM:REMOTE",
Is that make a difference?
Thanks for reaching out to community.
Can you try adding exclusions on the global exclusions within the access protection and check if that resolves the issue?
Screenshot for your reference.
Was my reply helpful?
Kindly give me a Kudo. If I have answered your query, can you accept this as solution, so that together we can help other community members.
Can you confirm if the policy is applied to the Endclient?
Are you able to see the exclusions you make on the ePO in the end machine as well?
Was my reply helpful? If yes, Give me a Kudo.
If this resolves your query, kindly mark this as solution, so that together we help other community members.
If issue reproducible, I request you to follow KB91797
Gather debug enabled MER logs and open an SR so that we can see what is the issue in detail.