cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2627
Views
5
Helpful
4
Replies

how to exclude process without path

4 Replies 4

Matthew Franks
Cisco Employee
Cisco Employee

You can exclude a process by hash under Management > Exclusions.  Create/edit an exclusion set, click Add Exclusion > File and you'll see the following message, "You can provide path and/or SHA-256. If you specify both a path and SHA-256 then both conditions must be met for the process to be excluded.".  For more information, I suggest referring to the User Guide in the AMP Documentation Page.

 

Thanks,
Matt

If we don't know what is the Hash of process or full path , does is it work only by mentioning  example ?

Can you clarify what you mean by mentioning example?  I don't understand the question.

Hello @Pruthvirajnasagoni89418,

today you can only configure a process exclusion with the full patch to the executable. There is no option to classify an executable without path, so the exclusion would work independent from the executables path.

If the executable is located in several directories, sorry to say, you have to generate multiple exclusions. I would suggest generating an own exclusion list for this.

You may also ping your Cisco representative to open a Feature Request for this.

Greetings,
Thorsten