EDR telemetry exclusions
To improve performance and optimize data transmission to the Telemetry server, you can configure EDR telemetry exclusions. For example, you can choose not to send network communications data for individual applications.
How to create an EDR telemetry exclusion in the Administration Console (MMC)
How to create an EDR telemetry exclusion in the Web Console and Cloud Console
EDR telemetry exclusion parameters
Parameter | Description |
---|---|
Excluded processes | Optimize the telemetry size to send. Kaspersky Endpoint Security allows optimizing the amount of transmitted data and excluding events with certain codes from telemetry: code 102 (basic communications) and 8 (network activity of the process) for the Microsoft SMB protocol, the WinRM service, and the klnagent.exe process of the Network Agent, as well as extended information about the types of network packets for all types of network protocols. Kaspersky Endpoint Security combines rule triggering criteria with a logical AND. Rule triggering criteria. In 64-bit operating systems, you must manually enter the parameters of the 64-bit version of the executable file of a process from the Use for the following event types |
Excluded network communications | Rule name. Direction. Protocol. Protocol number. Local port or range. Remote port or range. Local address. The network address of the computer for which Kaspersky Endpoint Security is excluding telemetry from network traffic. Remote address. The network address of the computer for which Kaspersky Endpoint Security is excluding telemetry from network traffic. Only the IPv4 format is supported for IP addresses. Applications. List of executable files of applications for which Kaspersky Endpoint Security is excluding EDR telemetry from network traffic. |
Excluded file operations | Rule name. File name or mask. Name or mask of a file or folder; Kaspersky Endpoint Security applies the exclusion rule when this file or folder is accessed. Kaspersky Endpoint Security supports the * and ? characters when entering a mask. Kaspersky Endpoint Security combines rule triggering criteria with a logical AND. Rule triggering criteria. In 64-bit operating systems, you must manually enter the parameters of the 64-bit version of the executable file of a process from the |
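
The following model shows how the number of criteria filled in for an excluded network communications rule decides how much traffic stops appearing in EDR telemetry. It is an added example, not Kaspersky code or a Kaspersky policy format. It assumes that empty criteria match anything and that set criteria are combined with a logical AND (as the table states for the other rule types); the dict layout, direction values, paths and addresses are constructed.

```python
import ipaddress

# Field names follow the table's parameters; this dict layout is an assumption
# made for the example, not a Kaspersky Endpoint Security policy format.
FIELDS = ("direction", "protocol", "local_port", "remote_port",
          "local_address", "remote_address", "applications")

def _port_ok(spec, port):
    # spec: None (any port), a single port, or an inclusive (low, high) range
    if spec is None:
        return True
    low, high = spec if isinstance(spec, tuple) else (spec, spec)
    return low <= port <= high

def _addr_ok(spec, addr):
    # IPv4 only, as the table states; IPv4Address raises ValueError on anything else
    return spec is None or ipaddress.IPv4Address(spec) == ipaddress.IPv4Address(addr)

def rule_excludes(rule, event):
    """True when every criterion set in the rule matches the event (logical AND)."""
    apps = {a.lower() for a in rule.get("applications") or ()}
    return (rule.get("direction") in (None, event["direction"])
            and rule.get("protocol") in (None, event["protocol"])
            and _port_ok(rule.get("local_port"), event["local_port"])
            and _port_ok(rule.get("remote_port"), event["remote_port"])
            and _addr_ok(rule.get("local_address"), event["local_address"])
            and _addr_ok(rule.get("remote_address"), event["remote_address"])
            and (not apps or event["application"].lower() in apps))

def unconstrained(rule):
    """Criteria left empty: each one widens what the rule hides from telemetry."""
    return [f for f in FIELDS if not rule.get(f)]

# Constructed sample rules and events (paths and addresses are made up).
NARROW = {"name": "backup-agent-smb", "direction": "outbound", "protocol": "TCP",
          "remote_port": 445, "remote_address": "10.0.0.5",
          "applications": [r"C:\Program Files\ExampleBackup\agent.exe"]}
BROAD = {"name": "all-smb", "protocol": "TCP", "remote_port": 445}
EVENTS = [
    {"direction": "outbound", "protocol": "TCP", "local_port": 50112,
     "remote_port": 445, "local_address": "10.0.0.20", "remote_address": "10.0.0.5",
     "application": r"c:\program files\examplebackup\agent.exe"},
    {"direction": "outbound", "protocol": "TCP", "local_port": 50113,
     "remote_port": 445, "local_address": "10.0.0.20", "remote_address": "10.0.0.9",
     "application": r"C:\Users\Public\unknown.exe"},
]

def suppressed(rule, events=EVENTS):
    """Indexes of events that would be dropped from telemetry under this rule."""
    return [i for i, e in enumerate(events) if rule_excludes(rule, e)]
```

Running `suppressed` and `unconstrained` over a proposed rule before deploying it shows whether the rule removes only the intended application's traffic or also connections from processes nobody meant to exclude.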