Jump to content

Archived

This topic is now archived and is closed to further replies.

droezel

Exclusions not working

Recommended Posts

We're test driving Enterprise Inspector and at the moment I have more than 250 clients sending events to EEI, off course there's a lot of noise and I'm adding exclusions for normal application behaviour. 

I'm noticing that a lot of my exclusions do not work and the events that I want to exclude are just showing up again. 

Example exclusion for Process from SysWOW64 started by unpopular process [a0416]

628708098_2018-09-2710_26_40-Clipboard.png.6c21070f18f4c8c9513dddc532cab58d.png

And still the event keeps showing up as warning: 

958350664_2018-09-2710_28_41-AlarmDetails-ESETEnterpriseInspector.png.596ff1b35ff29e770b7b62a99f90e4bd.png

The signer and computernames match up, so I don't see any reason why... Any way to troubleshoot this? 

Share this post


Link to post
Share on other sites

Thank you for reporting the problem. It turned out that we have a bug, which blocks this from working correctly. The bug will be fixed in the next release.

As a workaround, you can mark globalzpo.exe as safe in Executables View. This should silence this rule.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...