Agents sometimes mark benign items as potential threats. You can configure Exclusions to make your Agents suppress alerts and mitigation for these items. 


Be careful! If you create incorrect exclusions, you can open your environment to malware

Also see Best Practices for Exclusions and Not Recommended Exclusions

You can create the following types of exclusions:

hash path certificate signer file type browser

Best Practice: Whenever possible:

  • use Hash exclusion for things like False/Positives
  • use Path exclusions in Interoperability mode for interoperability issues

Exclusion Hierarchy

  • Each EDR Policy has its own exclusions, as well as inheriting those from the Default Group EDR Policy

Viewing Exclusions

To view exclusions:

  1. Edit the EDR Policy where want to view exclusions
  2. Navigate to the Exclusions tab