Hi, I have a problem with adding an exclusion to Access Protection Policy for servers.
I try add a process "C:\Program Files\Java\jre7\bin\client\jvm.dll" to exclude list in built-in rule "Prevent svchost executing non-Windows executables"
I've set the following settings for "Servers" (below). I've checked that agent has a "Server" tag. I've pushed policy to an agent.
But, process "C:\Program Files\Java\jre7\bin\client\jvm.dll still generates a lot of detection by this rule. What am I doing wrong?
You cannot exclude a DLL.
It is "Processes to exclude" only.
Had a similar conversation recently, but the fact is Access Protection is not as flexible as some folk would like. You are welcome to submit PERs for the desired functionality.