TELEMETRYFILTERS. Filtering events to be sent to KUMA

By default, Kaspersky Endpoint Security sends a limited set of Windows log events to KUMA. To improve performance and optimize data transmission to the KUMA server, you can manually add or exclude individual events from telemetry. For example you can exclude Sysmon events.

You can export the list of exclusions to a JSON file from the command line.

If the command contains only the name of the file to which you want to export settings, the application places the file as follows:

If the path to avp.com is added to the %PATH% system variable, the application places the file in the C:\Windows\SysWOW64 folder.
If you run the command from the application installation folder, the export will fail because the application's self-protection blocks the creation of a new file in the application folder. To export application settings to a file, enter the file path.

To run the command, go to the folder where the Kaspersky Endpoint Security executable file is located. You can also add the executable file path to the %PATH% system variable and run the command without navigating to the application folder.

Command syntax

avp.com TELEMETRYFILTERS /export <file name>

avp.com TELEMETRYFILTERS /import <file name>

Operation
`export`	Exporting event filters to be sent to KUMA.
`import`	Importing event filters to be sent to KUMA. If event filtering rules already exist on the computer, Kaspersky Endpoint Security replaces these when importing.

File for export or import
`<file name>`	Name of the file with event filters to be sent to KUMA. You can also enter the file path. You can export filters for sending to KUMA to a JSON file.