Is it possible to tune out noise from endpoints generating tons of events that are flagged by the "Remotely Accessing local files or folders" rule? Tried excluding via path **\Folder\** etc with wildcard to exclude any files in "Folder" anywhere on the system but it's not having any impact, they are still reported and logged.
@mattschm At this time, you cannot selectively filter events based on what is triggering them. The report mechanism is either On--Report All, or Off--Report Nothing.
The closest you could get to doing this would be excluding the process that is triggering the rule, from the rule, which then would be allowing the action. So, if you choose to do this, then be sure that you are okay with the activity of the process being allowed.
With Access Protection, only processes can be excluded, not files/folders. So, if you are comfortable with the above, and do want to implement some exclusions, then you would need to configure your **\Folder\** exclusion to instead be formatted to specify any process, such as; **\Folder\*.exe. This is any process under named Folder under any directory. Please be advised, that the less specific you are, the wider the "security gap" becomes in regards to the rule.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?