You can exclude a process by hash under Management > Exclusions. Create/edit an exclusion set, click Add Exclusion > File and you'll see the following message, "You can provide path and/or SHA-256. If you specify both a path and SHA-256 then both conditions must be met for the process to be excluded.". For more information, I suggest referring to the User Guide in the AMP Documentation Page.
today you can only configure a process exclusion with the full patch to the executable. There is no option to classify an executable without path, so the exclusion would work independent from the executables path.
If the executable is located in several directories, sorry to say, you have to generate multiple exclusions. I would suggest generating an own exclusion list for this.
You may also ping your Cisco representative to open a Feature Request for this.
We’re excited to announce new capabilities with Secure Endpoint that allow you to simplify your security and maximize your security operations: Unify your security stack and reduce agent fatigue with Cisco Secure Client; harness integrated risk-based vuln...
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/ciscochampions
Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of d...
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE
Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th...
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t...
Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ...