To improve performance and optimize data transmission to the Telemetry server, you can configure EDR telemetry exclusions. For example, you can choose not to send network communications data for individual applications.
In the main window of the Web Console, select Devices → Policies & profiles.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to General settings → Exclusions and types of detected objects.
In the Scan exclusions and trusted applications block, click the EDR telemetry exclusions link.
This opens a window; in that window, configure EDR telemetry exclusions (see the table below).
Save your changes.
EDR telemetry exclusion parameters
Parameter
Description
Excluded processes
Optimize the telemetry size to send. Kaspersky Endpoint Security allows optimizing the amount of transmitted data and excluding events with certain codes from telemetry: code 102 (basic communications) and 8 (network activity of the process) for the Microsoft SMB protocol, the WinRM service, and the klnagent.exe process of the Network Agent, as well as extended information about the types of network packets for all types of network protocols.
Kaspersky Endpoint Security combines rule triggering criteria with a logical AND.
Rule triggering criteria
Process details.
Full path. Full path to the file including its name and extension. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.
Command line text. Command used to run the file.
Specify rule triggering criteria and the event types to use this rule for. Value of the FileDescription parameter from a RT_VERSION (VersionInfo) resource.
Original file name. Value of the OriginalFilename parameter from a RT_VERSION (VersionInfo) resource.
Version. Value of the FileVersion parameter from a RT_VERSION (VersionInfo) resource.
File checksums. MD5 and SHA256.
You can also select a file manually, and the application will automatically fill out the fields from the selected file.
Parent process details.
Full path. Path to the folder in which the file is located. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.
Command line text. Command used to run the file.
Specify rule triggering criteria and the event types to use this rule for. Value of the FileDescription parameter from a RT_VERSION (VersionInfo) resource.
Original file name. Value of the OriginalFilename parameter from a RT_VERSION (VersionInfo) resource.
Version. Value of the FileVersion parameter from a RT_VERSION (VersionInfo) resource.
File checksums. MD5 and SHA256.
You can also select a file manually, and the application will automatically fill out the fields from the selected file.
In 64-bit operating systems, you must manually enter the parameters of the 64-bit version of the executable file of a process from the C:\windows\system32 folder because the application populates the executable file parameter fields with data from the properties of the 32-bit version of the same executable file in the C:\windows\syswow64 folder. For example, if you select C:\windows\system32\cmd.exe, the plugin displays the parameters of C:\windows\syswow64\cmd.exe. Such behavior is dictated by peculiarities of the operating system.
Use for the following event types
File modification.
Network events.
Process: console interactive input.
Module loaded.
Registry modified.
Excluded network communications
Rule name.
Direction.
Protocol.
Protocol number.
Local port or range.
Remote port or range.
Local address. The network address of the computer for which Kaspersky Endpoint Security is excluding telemetry from network traffic.
Remote address. The network address of the computer for which Kaspersky Endpoint Security is excluding telemetry from network traffic.
Only the IPv4 format is supported for IP addresses.
Applications. List of executable files of applications for which Kaspersky Endpoint Security is excluding EDR telemetry from network traffic.
Excluded file operations
Rule name.
File name or mask. Name or mask of a file or folder; Kaspersky Endpoint Security applies the exclusion rule when this file or folder is accessed. Kaspersky Endpoint Security supports the * and ? characters when entering a mask.
Kaspersky Endpoint Security combines rule triggering criteria with a logical AND.
Rule triggering criteria
Process details.
Full path. Full path to the file including its name and extension. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.
Command line text. Command used to run the file.
Specify rule triggering criteria and the event types to use this rule for. Value of the FileDescription parameter from a RT_VERSION (VersionInfo) resource.
Original file name. Value of the OriginalFilename parameter from a RT_VERSION (VersionInfo) resource.
Version. Value of the FileVersion parameter from a RT_VERSION (VersionInfo) resource.
File checksums. MD5 and SHA256.
You can also select a file manually, and the application will automatically fill out the fields from the selected file.
Parent process details.
Full path. Path to the folder in which the file is located. Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask.
Command line text. Command used to run the file.
Specify rule triggering criteria and the event types to use this rule for. Value of the FileDescription parameter from a RT_VERSION (VersionInfo) resource.
Original file name. Value of the OriginalFilename parameter from a RT_VERSION (VersionInfo) resource.
Version. Value of the FileVersion parameter from a RT_VERSION (VersionInfo) resource.
File checksums. MD5 and SHA256.
You can also select a file manually, and the application will automatically fill out the fields from the selected file.
In 64-bit operating systems, you must manually enter the parameters of the 64-bit version of the executable file of a process from the C:\windows\system32 folder because the application populates the executable file parameter fields with data from the properties of the 32-bit version of the same executable file in the C:\windows\syswow64 folder. For example, if you select C:\windows\system32\cmd.exe, the plugin displays the parameters of C:\windows\syswow64\cmd.exe. Such behavior is dictated by peculiarities of the operating system.