Users with the Senior security officer role can add Kaspersky Intrusion Detection rules to scan exclusions. Kaspersky Anti Targeted Attack Platform does not create alerts for Intrusion Detection rules that have been added to exclusions. However, the application continues to register NDR events using the Intrusion Detection (IDS) technology.
If you want to configure an individual exclusion, for example, if you do not want the selected source address to be displayed in the alert, you need to create an allow rule. In this case, the application will not register NDR events or create alerts for the excluded source address.
Only Intrusion Detection rules made by Kaspersky can be added to exclusions. If you do not want to apply a user-defined Intrusion Detection rule when scanning, you can disable this rule or delete it.
Users with the Security auditor role can view the list of Intrusion Detection rules added to exclusions, and view the properties of a selected rule.
Users with the Security officer role cannot view the list of Intrusion Detection rules added to exclusions.