Elastic Defend - Folder- Extensions and Process-exceptions

slash24 · October 11, 2023, 11:11am

When using elastic defend on enterprise workloads (Windows Servers), I want to adhere and follow official list of AV exclusions. These guidelines often includes Processes, folders, specific file-extensions (again, windows) and files.

In Elastic Defend (8.8.1 currently) I only have hash, path and signature in the "Trusted Applications" wizard.
Can I do more types of exclusions as above? Not interested in alert filters or such, as i dont want elastic-endpoint to interfere at all with specific processes.

wsouza · October 12, 2023, 7:37pm

I am using version 8.10.3 and, so far, the functionality for inspecting directories or files similar to an antivirus has not been made available. Perhaps, in the future, they can make this feature available.

system · November 9, 2023, 7:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Recommended exceptions for Elastic Endpoint Elastic Security	3	539	January 18, 2024
Defend exclusion by parent signature? Endpoint Security	5	30	September 16, 2024
Endpoint 7.9.x Process/Folder exemptions with ingest manager? Elastic Security	11	809	November 4, 2022
Which folders should be excluded in case of any Endpoint protection client? Logstash elastic-stack-security	1	1815	July 6, 2017
Elasticsearch Antivirus Exclusions? Elasticsearch	2	3995	July 28, 2017

Elastic Defend - Folder- Extensions and Process-exceptions

Related topics