9 Replies Latest reply on Apr 3, 2014 4:21 PM by pmclachlan

    Can I exclude .dll files?

    pmclachlan

      Is there any way to exclude .dll files from the "threat target path" of the rule "Prevent common programs from running files from the Temp folder"?

       

      I'm getting around 100 alerts from known ok processes that we require to run out of the temp directory, and we only have about 30 users.

       

      I know I can exlude iexplore.exe from the rule, but then I feel we would be left wide open, as that's where a lot of things originate.

       

      Most alerts are from counters.dat, it would be awsome to be able to create an exception so that target file wouldn't trigger an event.

       

      Thanks for any help .

       

      on 26/03/14 2:41:55 EDT PM