Elastic Defend - Folder- Extensions and Process-exceptions

When using Elastic Defend on enterprise workloads (Windows Servers), I want to adhere to and follow the official list of AV exclusions. These guidelines often include processes, folders, specific file extensions (again, Windows) and files.

In Elastic Defend (8.8.1 currently) I only have hash, path and signature in the "Trusted Applications" wizard.
Can I do more types of exclusions as above? Not interested in alert filters or such, as I don't want elastic-endpoint to interfere at all with specific processes.

I am using version 8.10.3 and, so far, the functionality for inspecting directories or files similar to an antivirus has not been made available. Perhaps, in the future, they can make this feature available.
