EFI/CompuTrace.A where to exclude?

[pstoric 0]

I'm trying to exclude that threat by name in the the ERA console under policies but I can only find options to exclude it by path or executable name. Is there a spot where I can list that exact name "EFI/CompuTrace.A" so it can be skipped?

I don't want to completely disable PUP protection

[MartinK 329]

Could you please specific version of ERA/ESMC you are using? Asking as since ESMC 7.1 (released in 2019), exclusions management has been redesigned and is not available via configuration policies, but as separate module directly into management console.

[pstoric 0]

1 hour ago, pstoric said:

I'm trying to exclude that threat by name in the the ERA console under policies but I can only find options to exclude it by path or executable name. Is there a spot where I can list that exact name "EFI/CompuTrace.A" so it can be skipped?

I don't want to completely disable PUP protection

We're using version 7.2

[Marcos 3,573]

For me it worked like a charm.

Clicked the desired detection and selected Create exclusion from the menu:

This excluded the detection name from detection:

[pstoric 0]

Hmm I tried to click onto the exclusions section but got the following message. I can't create one manually and use a threat name. Going to look into it a bit later 

 

Edited November 3, 2020 by pstoric

[Marcos 3,573]

That's because you must first select the desired detection and then select to create an exclusion :

[pstoric 0]

Thanks for the tip! I'll try that and get back to you but seems like that's that answer.