FAQs
Incidents related to Process and library monitoring, ACP and Memory exploit protection are not reported. All the other types of incidents (VSP-Web, FSM and VSP-Memory) are reported on CMS even during the maintenance mode.
Only the new .exe and library files are added to the allowlist automatically.
In Pristine Mode, once the Maintenance window ends, the below events occur:
-
A scan is initiated on all the hosts in Maintenance mode
-
Once the scan is complete, all the newly installed processes/libraries are auto-allowlisted
-
The processes/libraries installed after the initial scan completion and before the start of the Maintenance window are reported to CMS as incidents
Such files are not allowlisted after maintenance ends. They are also not re-discovered during the scan.