Showing results for 
Search instead for 
Did you mean: 

Exploit prevention - exclusions 💃

Level 1
Level 1

Hello guys,

Do you know if it is possible to exclude a file from Exploit Prevention engine? I havent found anything like that in the AMP console.  If this is not possible, is it on the roadmap?





6 Replies 6

Cisco Employee
Cisco Employee



It is possible, although it should be done by a TAC engineer.

Otherwise, we have the option of putting Exploit Prevention in Audit or Disabled.



UMontero, you indicate that it should be done by a TAC engineer. Does that mean it can be done by mere mortals?

So are you asking if TAC engineers are mortals, or are you asking if there is actually a way for end users to do it?
At this point, it is still done in the back-end of your AMP tenant…

That answers the questions Ken. Actually I guess it answers two, the ethereal status of the TAC engineers, and my ability to do it myself.

Mariley Reinoso Olivera
Cisco Employee
Cisco Employee

Good engagement, Marcel. Message received ✉. Malo McWare was here but he jumped off a minute ago. Meet me back at HQs. I know where he's going. (Disclaimer: this post is part of the AMP for Endpoints Advocacy Campaign on the Cisco Gateway)

Cisco Employee
Cisco Employee

Hello all,
we are constantly adding features and improvements to the Secure Endpoint product and the SecureX architecture. Custom Exploit Prevention exclusions are not possible today. There are a lot of Feature Requests or wishes for different areas of the product/architecture. FRs are helping us to change the priority for new upcoming product features and improvements. If you want, i can open a FR for you in the tool. To do so, you may send me a PM including the following information.

  • Company Name
  • Connector Deployment count
  • Ares (APJC, EMEAR, NAM)

I will send you back the FR number, so you can go in contact with with Cisco representative.