https://community.cisco.com/t5/endpoint-security/does-path-exclusion-also-exclude-processes-within-it/m-p/4155358#M5679 <P>AndyIT,</P> <P>&nbsp;</P> <P>These are 2 different types of exclusions, you would need PATH exclusions to exclude PATHs, Process Exclusions to exclude processes and child process exclusion is an option for Process Exclusions.</P> <P>&nbsp;</P> <P>Thanks!</P> Tue, 22 Sep 2020 15:38:37 GMT majacob2 2020-09-22T15:38:37Z https://community.cisco.com/t5/endpoint-security/does-path-exclusion-also-exclude-processes-within-it/m-p/4155276#M5678 <P>Hi All,</P><P>&nbsp;</P><P>I have created some path exclusions on my AMP console but my question is this, within a path exclusion will this also exclude any processes from being scanned which launch from within said path?</P><P>&nbsp;</P><P>Example:</P><P>&nbsp;</P><P>Path Exclusion</P><P>&nbsp;</P><P>C:\Program Files (x86)\Visual Studio 14.0\</P><P>&nbsp;</P><P>a few folders deeper within that path there is an .exe will that be excluded from the scans and if so will any child process it calls up be excluded also?</P><P>&nbsp;</P><P>Many Thanks.</P> Tue, 22 Sep 2020 13:59:11 GMT https://community.cisco.com/t5/endpoint-security/does-path-exclusion-also-exclude-processes-within-it/m-p/4155276#M5678 AndyIT 2020-09-22T13:59:11Z https://community.cisco.com/t5/endpoint-security/does-path-exclusion-also-exclude-processes-within-it/m-p/4155358#M5679 <P>AndyIT,</P> <P>&nbsp;</P> <P>These are 2 different types of exclusions, you would need PATH exclusions to exclude PATHs, Process Exclusions to exclude processes and child process exclusion is an option for Process Exclusions.</P> <P>&nbsp;</P> <P>Thanks!</P> Tue, 22 Sep 2020 15:38:37 GMT https://community.cisco.com/t5/endpoint-security/does-path-exclusion-also-exclude-processes-within-it/m-p/4155358#M5679 majacob2 2020-09-22T15:38:37Z https://community.cisco.com/t5/endpoint-security/does-path-exclusion-also-exclude-processes-within-it/m-p/4155437#M5680 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1103332">@AndyIT</a>,</P> <P>yes, a path exclusion will stop the connector to monitor (generating data for the backend engines) and scanning anything inside the configured path exclusion. From a security and visibility perspective, having as less as possible exclusions makes sense.&nbsp;</P> <P>For Development environments, i assume this is one, it is most time necessary to exclude developer tools. <BR />From a best practice view:</P> <UL> <LI>Configure as less as possible exclusions.</LI> <LI>Generate an own group, policy and exclusion list for Developer endpoints.</LI> </UL> <P>There are two tools available to figure out necessary exclusions on the endpoint:</P> <UL> <LI>AMP tuning tool which processes diagnostic packages:&nbsp;<A href="https://github.com/CiscoSecurity/amp-05-windows-tune" target="_blank">https://github.com/CiscoSecurity/amp-05-windows-tune</A></LI> <LI>AMP Health Checker which gives you a live view into the connector:&nbsp;<A href="https://github.com/CiscoSecurity/amp-05-health-checker-windows" target="_blank">https://github.com/CiscoSecurity/amp-05-health-checker-windows</A></LI> </UL> <P>Greetings,<BR />Thorsten</P> Tue, 22 Sep 2020 17:34:25 GMT https://community.cisco.com/t5/endpoint-security/does-path-exclusion-also-exclude-processes-within-it/m-p/4155437#M5680 Troja007 2020-09-22T17:34:25Z