07-08-2020 08:00 AM
In traditional AV you would add an exclusion so that it would not be checked, however you would still have this exclusion scanned on a scheduled scan
Does this apply to AMP4E or will the exclusion be ignored during the full scan too
07-09-2020 11:02 AM
07-13-2020 12:32 AM
Hello @Infrastructure9,
agree, having an option to ignore exclusions during an OnDemand Scan would be a useful enhancement for the Connector.
Today, the OnDemand Scan honors the configured Exclusions.
So what you can do. We introduced Automated Actions, where you can move a Computer into another Group. This Group should have configured more strict policies, e.g. less Exclusion lists. Based on an IOC, which can also be triggered by malicious behaviour of trusted files, the computer gets moved.
I opened a Feature Request to ignore configured Exclusions during ODScan: https://ciscosecurity.ideas.aha.io/ideas/AMP4E-I-1480.
You can share this link with your Cisco Representative to update it, adding notes or opening your personal one for you.
Hope this helps,
Greetings,
Thorsten
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide