53 / 5.000 Elastic defend allows all files in a directory

ArgoAdvisory · January 22, 2025, 4:43pm

Good morning everyone.

I have installed Elastic Defend \ Endpoint Security on my Windows computer.

I would like every file in a specific folder:
Example, C:\directory*

not to be blocked.

I have already tried to put in the trust applications:
Path matches C:\Directory*

And in the rule exceptions:
file.path matches C:\Directory*

But it doesn't work. Any ideas?

gabriel.landau · January 22, 2025, 5:40pm

Hi @ArgoAdvisory. You'll want two Endpoint (not Rule) Exceptions:

You can find this under /app/security/exceptions/details/endpoint_list

Topic		Replies	Views
Recommended exceptions for Elastic Endpoint Elastic Security	3	613	January 18, 2024
Elastic Defend - Folder- Extensions and Process-exceptions Elastic Security	2	333	November 9, 2023
Defend exclusion by parent signature? Endpoint Security	5	40	September 16, 2024
Path exclude from scanning Elastic Security	4	77	November 27, 2024
Question about whitelisting directories Elastic Security	7	629	March 9, 2022