EDR Expert (on-premise) telemetry exclusions

To improve performance and optimize data transmission to the Telemetry server, you can configure telemetry exclusions. For example, you can choose not to send network communications data for individual applications.

How to create a telemetry exclusion in the Web Console and Cloud Console

1. In the main window of the Web Console, select the Assets (Devices) → Policies & profiles tab.
2. Click the name of the Kaspersky Endpoint Security policy.

   The policy properties window opens.

3. Select the Application settings tab.
4. Go to General Settings → Telemetry Settings.
5. Select the EDR Expert (on-premise) telemetry tab.
6. In the General exclusions block, click the Add button.

   This starts the wizard for adding a telemetry exclusion.

7. Configure the telemetry exclusion:
   1. Select a status for the telemetry exclusion.
   2. Enter a name for the rule.
   3. Select an action to be applied when the telemetry exclusion is triggered:
      • Do not collect.
      • Exclude IOA. Indicator of Attack (IOA) is a rule that contains a description of suspicious behavior in the system that may indicate a targeted attack. The application compares ongoing behavior in the system with these rules and logs events that are indicative of a targeted attack. The application uses the streaming scan technology, which allows real time tracking of such events.
   4. Specify triggering conditions for the telemetry exclusion.
8. If necessary, under All event types, add telemetry exclusions by event type.
9. Save your changes. To apply the policy on computers, close the padlocks .

Page top