Jump to content

Creating exclusions for two rules with two different operations in exclusion


Go to solution Solved by JamesR,

Recommended Posts

Hello,

 

I would like to ask, if I want to create an exclusion for two different rules that have different trigger events, let's say I would like to add into exclusion CodeInjection for rule [F0413b][C] and for rule [D1206] I would like to add trigger event DllLoaded into exclusion. Is it possible to add two operations like this into the exclusions?

Link to comment
Share on other sites

  • ESET Staff

I would not recommend this.  When you create an advanced exclusion, which will use an <operation type="...">, you should have it match the operation type of the triggering event.  If you try to use an exclusion with a "DllLoad" operation, and apply the exclusion to a rule which is looking for "CodeInjection", your exclusion will not work as expected.  In short, mixing and matching different operations in an exclusion, can break your exclusion.

 

Also, it appears you may be using an older version of our On Premise solution.  I would recommend upgrading when you can.  The rule tag "[F0413b][C]" is outdated and has been replaced with "[F0413b]".

Link to comment
Share on other sites

Thank you for your response. So the conclusion of it is to separate them and create one exclusion for [F0413b][C] and one exclusion for [D1206]? Just to be sure. And thank you for the update reminder... I know about it.

Link to comment
Share on other sites

  • ESET Staff
  • Solution
1 minute ago, Michael002 said:

Thank you for your response. So the conclusion of it is to separate them and create one exclusion for [F0413b][C] and one exclusion for [D1206]? Just to be sure. And thank you for the update reminder... I know about it.

Correct.  Its best to separate into 2 different exclusions.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...