
 

GLOBAL EXCLUSION LIST

 

Global Exclusion is the list of directories and files that need to be excluded from process and library monitoring for all profiles. To add or modify the global list, follow the steps below:

 

NOTE:

Once a file/directory is added to the exclusion list, all the current incidents related to this file/directory are automatically acknowledged. They are no longer visible as Incidents.

 

  1. On the Host Monitoring page, click ALL PROFILES

  2. Select Exclusions List

  3. Click Add Allowlist Exclusion

  4. In the pop-up window, add the regular expression that matches the directory path and press Enter. Only one entry can be added at a time. Normal regex syntax can be used.

  5. The new entry is added to the list. Click SAVE

  6. The table below shows a couple of RegEx examples:

    | RegEx Examples | Represented Files/Directories | Operating System |
    |---|---|---|
    | .:\\*test.*\\*tmp\\*.* | C:\test-1\tmp\tmp-lib.dll, C:\test-2\tmp\tmp-lib-2.dll, D:\test-test\tmp\tmp-lib-3.dll | Windows |
    | C:\\ProgramData\\Amazon\\SSM\\*.* | C:\ProgramData\Amazon\SSM\example.exe | Windows |
    | C:\\dir1\\tmp\\tmp-lib.dll | Specific file: C:\dir1\tmp\tmp-lib.dll | Windows |
    | C:\\dir1\\dir2\\*.exe | All the files with extension .exe in the directory: C:\dir1\dir2 | Windows |
    | C:\\dir1\\dir2\\* | All the files in the directory: C:\dir1\dir2 | Windows |
    | /opt/test/tmp.*/.* | /opt/test/tmp-1/example, /opt/test/tmp-abc/example-2 | Linux |
    | /var/packages/.*cache.*/.* | /var/packages/pkg-cache/program-1, /var/packages/publisher-cache/program-2 | Linux |
    | /opt/test/tmp-1/example.sh | Specific file: /opt/test/tmp-1/example.sh | Linux |
    | /home/user/*.log | All the files with extension .log in the directory: /home/user | Linux |
    | /home/user/log/* | All the files in the directory: /home/user/log | Linux |

    Table - RegEx Examples


  7. The added entries can be deleted if required.

  8. Both global and profile exclusion lists are considered when creating a new profile.

  NOTE:

Instead of adding explicit spaces, it is recommended to use "[ ]+" so that one or more spaces are matched rather than an exact number of spaces.

It is recommended that the Windows nativeimages libraries be added to the exclusion list using the regex: C:\\windows\\assembly\\nativeimages.* to avoid allowlisting each nativeimages library after incident detection.
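Because every exclusion entry removes files from monitoring for all profiles, it helps to preview what an entry covers before saving it. The following is an added example, not part of the product or its documentation: it assumes standard, case-sensitive regular-expression semantics applied to the whole path (the product's own matcher may differ), and the function names, the path inventory and the `Vendor` entry are constructed for illustration.

```python
import re

# Entries taken from the page's table and notes; the last one is constructed
# to illustrate the "[ ]+" recommendation (the Vendor path is hypothetical).
ENTRIES = [
    r".:\\*test.*\\*tmp\\*.*",
    r"/opt/test/tmp.*/.*",
    r"/var/packages/.*cache.*/.*",
    r"C:\\windows\\assembly\\nativeimages.*",
    r"C:\\Program[ ]+Files\\Vendor\\.*",
]

# Constructed inventory: table examples plus paths that must stay monitored.
PATHS = [
    r"C:\test-1\tmp\tmp-lib.dll",
    r"D:\test-test\tmp\tmp-lib-3.dll",
    "/opt/test/tmp-abc/example-2",
    "/var/packages/publisher-cache/program-2",
    r"C:\windows\assembly\nativeimages_v4\lib.ni.dll",
    r"C:\Program Files\Vendor\agent.exe",    # one space
    r"C:\Program  Files\Vendor\agent.exe",   # two spaces
    r"C:\Windows\System32\cmd.exe",
    "/usr/bin/ssh",
]

def coverage(entries, paths):
    """Map each entry to the paths it would exclude (None if it is not valid regex)."""
    result = {}
    for entry in entries:
        try:
            rx = re.compile(entry)
        except re.error:
            result[entry] = None   # flag the entry instead of silently skipping it
            continue
        result[entry] = [p for p in paths if rx.fullmatch(p)]
    return result

def still_monitored(entries, paths):
    """Paths that no entry excludes, in inventory order."""
    excluded = {p for hits in coverage(entries, paths).values() if hits for p in hits}
    return [p for p in paths if p not in excluded]

if __name__ == "__main__":
    for entry, hits in coverage(ENTRIES, PATHS).items():
        print(entry, "->", hits)
    print("still monitored:", still_monitored(ENTRIES, PATHS))
```

Running it against an inventory exported from a real host shows, per entry, which files would drop out of monitoring and which remain covered.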

 
