Does an Adaptive Threat Protection process exclusion have to be explicit?
I'm tuning Adaptive Threat Protection in our environment and I've been writing some exclusions using wildcards for both directories and file names. For example, I'll add "C:\Program Files\Example Software\**\*.exe" in the list of Standard Process exclusions for the OAS with the objective of excluding all files ending in ".exe" in any folder under "C:\Program Files\Example Software".
The ENS Product Guide states "On-access scan Standard process exclusions specified by file name or file path apply to all ATP scanners, including Dynamic Application Containment and Real Protect. On-access scan exclusions specified by file type or age don't apply to ATP. ATP supports the same wildcards in path-based exclusions as Threat Prevention does."
Will my method of wildcarding the process name work for ATP, or is that considered a file type exclusion which won't work? I'd rather not manually create exclusions for every executable that triggers these rules if the process names don't have to be explicit.