
Does Path Exclusion Also Exclude Processes Within It?

AndyIT
Level 1

Hi All,

I have created some path exclusions on my AMP console, but my question is this: within a path exclusion, will this also exclude any processes from being scanned which launch from within said path?

Example:

Path Exclusion

C:\Program Files (x86)\Visual Studio 14.0\

A few folders deeper within that path there is an .exe. Will that be excluded from the scans, and if so, will any child process it calls up be excluded also?

Many Thanks.

1 Accepted Solution

Accepted Solutions

Troja007
Cisco Employee

Hello @AndyIT,

Yes, a path exclusion will stop the connector from monitoring (generating data for the backend engines) and scanning anything inside the configured path exclusion. From a security and visibility perspective, having as few exclusions as possible makes sense.

For development environments (I assume this is one), it is most of the time necessary to exclude developer tools.
From a best practice view:

  • Configure as few exclusions as possible.
  • Generate a separate group, policy and exclusion list for Developer endpoints.

There are two tools available to figure out necessary exclusions on the endpoint:

Greetings,
Thorsten


2 Replies

majacob2
Cisco Employee

AndyIT,

These are 2 different types of exclusions: you would need PATH exclusions to exclude PATHs and Process Exclusions to exclude processes, and child process exclusion is an option for Process Exclusions.

Thanks!
