Example 1. Excluded processes

To exclude third-party application (process) events from telemetry, open the EDR telemetry exclusions window on the Excluded processes tab and add the executable file of the application.

Kaspersky Endpoint Security combines rule triggering criteria with a logical AND.

Kaspersky Endpoint Security supports environment variables and the * and ? characters when entering a mask. For example:

• C:\Program Files\*\notepad++.exe
• %ProgramFiles(x86)%\Notepad++\notepad++.exe

  

  Excluding a process

Example 1. File modification

If you often edit scripts in the Notepad++ application and you want to exclude the modification events for the corresponding scripts, add the Notepad++ executable file to telemetry exclusions.

Specify the settings as follows:

• Full path: C:\Program Files\Notepad++\notepad++.exe;
• SHA256: 64F7A36C01E79CD4B041E8A8607DFF06D5B606D36E3DFF9CFB5FFFA22D14D34;
• Used for the following event types: File modification.

Example 2. Network events

If you use the WinSCP application to manage files on a remote server and you want to exclude network events, add the WinSCP executable file to telemetry exclusions.

Specify the settings as follows:

• Full path: C:\Program Files (x86)\WinSCP\WinSCP.exe;
• SHA256: 47204338f0e092057024c9186f228c02417e917777f3e841d52b58251a956a74 (optional);
• Used for the following event types: Network events.

Page top