Example 3. Excluded file operations
To exclude events involving operations with trusted files from telemetry, open the EDR telemetry exclusions window on the Excluded file operations tab and add the trusted file.
Kaspersky Endpoint Security combines rule triggering criteria with a logical AND.
Excluding file operations
If an application writes to a log and you want to exclude log file modification events, add the log file and the executable file of the application from telemetry.
Specify the settings as follows:
- File name or mask:
C:\Apache24\logs\error.log; - Operation type: File modification;
- Full path:
C:\Apache24\bin\httpd.exe; - SHA256: 64F7A36C01E79CD4B041E8A8607DFF06D5B606D36E3DFF9CFB5FFFA22D14D34.