Automation folder exclusions allow you to specify folders that the Automated investigation will skip.
You can control the following attributes about the folder that you’d like to be skipped:
- Folders: You can specify a folder and its subfolders to be skipped.
Note
At this time, use of wild cards as a way to exclude files under a directory is not yet supported.
- Extensions of the files: You can specify the extensions to exclude in a specific directory. The extensions are a way to prevent an attacker from using an excluded folder to hide an exploit. The extensions explicitly define which files to ignore.
- File names: You can specify the file names that you want to be excluded in a specific directory. The names are a way to prevent an attacker from using an excluded folder to hide an exploit. The names explicitly define which files to ignore.
Add an automation folder exclusion
- In the navigation pane, select Settings > Endpoints > Rules > Automation folder exclusions.
- Click New folder exclusion.
- Enter the folder details:
- Folder
- Extensions
- File names
- Description
- Click Save.
Note
Live Response commands to collect or examine excluded files will fail with error: “File is excluded”. In addition, automated investigations will ignore the excluded items.
Edit an automation folder exclusion
- In the navigation pane, select Settings > Endpoints > Rules > Automation folder exclusions.
- Click Edit on the folder exclusion.
- Update the details of the rule and click Save.
Remove an automation folder exclusion
- In the navigation pane, select Settings > Endpoints > Rules > Automation folder exclusions.
- Click Remove exclusion.
Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
(Visited 50 times, 1 visits today)