tgr, posted January 17

Hello,

I have a question about exclusions. If I make an exclusion for a rule, do I still see those messages somewhere in the logs? Because without exclusions there are too many messages, but it would be important for us if it is still logged somewhere (to be able to track it in case of an incident).

Thanks and kind regards!

Marcos (Administrators), posted January 18

You can re-run rules while ignoring exclusions. If you do not select to add detections to the main detections table immediately, you will be able to review the matched detections first in the re-run task details:

TradeLabelSoftware, posted January 19

This is such a common problem and the solution you provided didn't work. So can you provide a better solution?

Marcos (Administrators), posted January 19

With ESET Inspect 1.8+, rules are evaluated on clients by default. You would see records like this in the EI connector logs for excluded events:

2023-01-19 11:07:53 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)
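
Added example (not part of the original posts and not ESET code): a small parser that pulls these excluded-match records out of connector log lines and counts them per rule, exclusion and event, so suppressed matches can be reviewed for a time window during an incident. The line layout is assumed from the single record quoted above, and every sample line other than that record is constructed.

```python
import re
from datetime import datetime
from collections import Counter

# Layout assumed from the one record quoted in the post above. The meaning of
# the short field after the timestamp ("013a4") is not stated there, so it is
# kept as an opaque token.
EXCLUDED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<token>\S+) Debug: '
    r'Rule "(?P<rule>.*)"\((?P<rule_id>\d+)\) matching was excluded by '
    r'"(?P<exclusion>.*)"\((?P<exclusion_id>\d+)\) '
    r'on (?P<event>\w+)\((?P<event_id>\d+)\)\s*$'
)

def parse_excluded(line):
    """Return a dict for an 'excluded' record, or None for any other line."""
    m = EXCLUDED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    for key in ("rule_id", "exclusion_id", "event_id"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines, since=None, until=None):
    """Count suppressed matches per (rule_id, exclusion_id, event) in a window."""
    counts = Counter()
    for line in lines:
        rec = parse_excluded(line)
        if rec is None:
            continue
        if (since and rec["ts"] < since) or (until and rec["ts"] > until):
            continue
        counts[(rec["rule_id"], rec["exclusion_id"], rec["event"])] += 1
    return counts

# Constructed sample: the first line is the record from the post, the rest are made up.
SAMPLE = [
    '2023-01-19 11:07:53 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)',
    '2023-01-19 11:09:10 013a4 Debug: Rule "Notepad has been started"(1104) matching was excluded by "Exclusion for rule: Notepad has been started"(224) on CreateProcess(10)',
    '2023-01-19 11:09:11 013a4 Debug: unrelated connector message',
    '2023-01-19 12:30:00 00b71 Debug: Rule "Script "run" from temp"(9001) matching was excluded by "Temp scripts"(9002) on CreateProcess(10)',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(key, n)
```

Rule and exclusion names are matched greedily up to the trailing `"(id)`, so names that themselves contain double quotes still parse.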