Support

Support for business applications

Kaspersky XDR Expert

Monitoring, reporting, and audit

Triggering of rules in Smart Training mode

Adding exclusions from the Adaptive Anomaly Control rules

Kaspersky Next XDR Expert
Online Help
FAQ Forum Contact support Recovery tools

Adding exclusions from the Adaptive Anomaly Control rules

May 15, 2024

ID 173182

Get as PDF

The Add exclusion wizard allows you to add exclusions from the Adaptive Anomaly Control rules for Kaspersky Endpoint Security.

You can start the wizard through one of the three procedures below.

To start the Add exclusion wizard through the Adaptive Anomaly Control node:

  1. In the console tree, select the node of the required Administration Server.
  2. Select Triggering of rules in Smart Training state (by default, this is a subfolder of Advanced → Repositories).
  3. In the workspace, right-click an element (or several elements) in the list of detections and select Add to exclusions.

    You can add up to 1000 exclusions at a time. If you select more elements and try to add them to exclusions, an error message is displayed.

The Add exclusion wizard starts.

You can start the Add exclusion wizard from other nodes in the console tree:

  • Events tab of the main window of the Administration Server (then the User requests option or Recent events option).
  • Report on Adaptive Anomaly Control rules state, Detections count column.

To add exclusions from the Adaptive Anomaly Control rules using the Add exclusion wizard:

  1. On the first page of the wizard, select an application from the list of Kaspersky applications whose management plug-ins allow you to add exclusions to the policies for these applications. Click Next to proceed to the second page of the wizard.

    This step can be skipped if you have only one Kaspersky Endpoint Security for Windows version and do not have other applications that support the Adaptive Anomaly Control rules.

  2. On the second page of the wizard, select the policies and profiles to which you want to add exclusions. Click Next to proceed to the third page of the wizard.

    The third page of the wizard displays a progress bar as the policies are processed. You can interrupt the processing of policies by clicking Cancel.

    Inherited policies cannot be updated. If you do not have the rights to modify a policy, this policy will not be updated either.

    When all the policies are processed (or if you interrupt the processing), a report appears. It shows which policies were updated successfully (green icon) and which policies were not updated (red icon).

  3. Click Finish to close the wizard.

    The exclusion from the Adaptive Anomaly Control rules is configured and applied.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.