Allowlist defines all the processes or associated libraries that are allowed to execute. This section provides information about:

  1. Managing the allow list at global and profile levels (Section Allowlist)

  2. Defining exclusion list at global and profile levels (Section Exclusion List)

  3. Defining the allowed publishers list for Windows (Section Publishers List (Windows Application Instances))

  4. Defining the allowed packages list for Linux (Section Packages List (Linux Application Instances))

  5. The role of Threat intelligence Service (Section Threat Intelligence Service)

  6. Addition to the allowlist from detected incidents (Section Allowlist Addition from Detected Incidents)