
Does Path Exclusion Also Exclude Processes Within It?

Hi All,

 

I have created some path exclusions on my AMP console, but my question is this: within a path exclusion, will this also exclude any processes from being scanned which launch from within said path?

 

Example:

 

Path Exclusion

 

C:\Program Files (x86)\Visual Studio 14.0\

 

A few folders deeper within that path there is an .exe. Will that be excluded from the scans, and if so, will any child process it calls up be excluded also?

 

Many Thanks.

1 ACCEPTED SOLUTION

Cisco Employee

Hello @AndyIT,

Yes, a path exclusion will stop the connector from monitoring (generating data for the backend engines) and scanning anything inside the configured path exclusion. From a security and visibility perspective, having as few exclusions as possible makes sense.

For development environments (I assume this is one), it is most of the time necessary to exclude developer tools.
From a best practice view:

  • Configure as few exclusions as possible.
  • Create a separate group, policy and exclusion list for developer endpoints.

There are two tools available to figure out necessary exclusions on the endpoint:

Greetings,
Thorsten


2 REPLIES
Cisco Employee

AndyIT,

 

These are 2 different types of exclusions: you would need PATH exclusions to exclude PATHs and Process Exclusions to exclude processes, and child process exclusion is an option for Process Exclusions.

 

Thanks!
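
To see how much visibility a path exclusion list gives up, the following added example (not part of the thread and not Cisco code) maps each exclusion to the executables that fall inside it and flags exclusions already covered by a broader one. It assumes a path exclusion acts as a case-insensitive, component-wise directory prefix; the inventory and every exclusion except the Visual Studio path are constructed, and process exclusions are not modelled.

```python
from pathlib import PureWindowsPath

# Path exclusions under review. The first is the one from the question;
# the other two are constructed for illustration.
EXCLUSIONS = [
    "C:\\Program Files (x86)\\Visual Studio 14.0\\",
    "C:\\Program Files (x86)\\Visual Studio 14.0\\VC\\bin\\",  # nested in the first
    "D:\\Build\\",
]

# Constructed inventory of executables on a hypothetical developer endpoint.
INVENTORY = [
    r"C:\Program Files (x86)\Visual Studio 14.0\Common7\IDE\devenv.exe",
    r"c:\program files (x86)\visual studio 14.0\VC\bin\cl.exe",
    r"C:\Program Files (x86)\Visual Studio 14.0 Tools\helper.exe",  # sibling dir
    r"D:\Build\out\app.exe",
    r"C:\Windows\System32\cmd.exe",
]

def _parts(path):
    """Lower-cased path components; a trailing backslash is ignored."""
    return tuple(p.lower() for p in PureWindowsPath(path).parts)

def is_inside(path, directory):
    """True if path is the directory itself or anything below it.
    Compared per component, so 'Visual Studio 14.0 Tools' does not match
    'Visual Studio 14.0' the way a plain string prefix test would."""
    d = _parts(directory)
    return _parts(path)[:len(d)] == d

def redundant_exclusions(exclusions):
    """Exclusions already covered by a broader entry in the same list."""
    return [e for e in exclusions
            if any(o != e and is_inside(e, o) for o in exclusions)]

def unmonitored(inventory, exclusions):
    """Map each exclusion to the executables that fall inside it."""
    return {e: [f for f in inventory if is_inside(f, e)] for e in exclusions}

if __name__ == "__main__":
    for excl, files in unmonitored(INVENTORY, EXCLUSIONS).items():
        print(f"{excl}: {len(files)} executable(s) inside the exclusion")
        for f in files:
            print("   ", f)
    print("Redundant:", redundant_exclusions(EXCLUSIONS))
```
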
