I need some help for ENS exclusions. As per KB KB89540 we had added the rule for PSEXESVC however, I need to allow one user or IP Address to be in exclusion. I talked to support team they suggested that we add the user id in exclusion. I have added it then from source system this isn't getting blocked however, on the remote machine it's getting blocked as it launches it with user id NT AUTHORITY\SYSTEM .
Has anyone encountered this problem after rule creation ? If yes, can you please suggest me any possible solutions or any workarounds ? or any psexec command that may work in such scenarios.
Below is the transcript from the KB Article.
Create a new rule with an inclusion status of "Include" using * for the File name or Path Create a sub-rule with a type of "files," and for a target include **\PSEXESVC.EXE Select the action to prevent creation