https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/different-process-exception-on-exception-profile-and-folder/m-p/429545#M1000 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/191261">@Muhammad-Rusli</a>&nbsp;wrote:<BR /><P>Hi Expert,</P><P>&nbsp;</P><P>Please give me advice, So I have assesment for exclusion folder and file .exe and file etc extension.</P><P>The asessment from Sophos for agent existing my customer.</P><P>&nbsp;</P><P>The example exclusion files like a below :</P><P>&nbsp;</P><P>C:\Windows\System32\backgroundTaskHost.exe&nbsp;</P><P>C:\Program FIles (x86)\Microsoft SQL Server\</P><P>*.txt</P><P>, more again</P><P>&nbsp;</P><P>So my question is, where I can add the exclusion folder/files, Malware Profile or Exception Profile?</P><HR /></BLOCKQUOTE><P>Hello Muhammad-Rusli,</P><P>&nbsp;</P><P>It would be a best practice to first check the details of the incident and alarms within it to understand why the application was prevented, alert sources and the need for the exception. You can add more granular detail to your baseline policies configuring&nbsp; an exceptions profile. (f.e&nbsp; Process Exceptions, Support Exceptions, Behavioral Threat Protection Rule Exceptions, Local Analysis Rules Exceptions</P><DIV class="nav-link ng-star-inserted">Advanced Analysis Exception or Digital Signer Exceptions). With a Malware profile you can add files and folders to an allow list to exclude them from examination.</DIV><DIV class="nav-link ng-star-inserted">&nbsp;</DIV><DIV class="nav-link ng-star-inserted">Endpoint Security Profiles:</DIV><DIV class="nav-link ng-star-inserted"><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-profiles.html" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-profiles.html</A></DIV><DIV class="nav-link ng-star-inserted">&nbsp;</DIV><DIV class="nav-link ng-star-inserted">Exceptions security profiles:</DIV><DIV class="nav-link ng-star-inserted"><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/exceptions-security-profiles.html" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/exceptions-security-profiles.html</A></DIV><DIV class="nav-link ng-star-inserted">&nbsp;</DIV> Thu, 26 Aug 2021 20:01:10 GMT yalonso 2021-08-26T20:01:10Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/different-process-exception-on-exception-profile-and-folder/m-p/428786#M992 <P>Hi Expert,</P><P>&nbsp;</P><P>Please give me advice, So I have assesment for exclusion folder and file .exe and file etc extension.</P><P>The asessment from Sophos for agent existing my customer.</P><P>&nbsp;</P><P>The example exclusion files like a below :</P><P>&nbsp;</P><P>C:\Windows\System32\backgroundTaskHost.exe&nbsp;</P><P>C:\Program FIles (x86)\Microsoft SQL Server\</P><P>*.txt</P><P>, more again</P><P>&nbsp;</P><P>So my question is, where I can add the exclusion folder/files, Malware Profile or Exception Profile?</P> Tue, 24 Aug 2021 15:30:24 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/different-process-exception-on-exception-profile-and-folder/m-p/428786#M992 Muhammad-Rusli 2021-08-24T15:30:24Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/different-process-exception-on-exception-profile-and-folder/m-p/429545#M1000 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/191261">@Muhammad-Rusli</a>&nbsp;wrote:<BR /><P>Hi Expert,</P><P>&nbsp;</P><P>Please give me advice, So I have assesment for exclusion folder and file .exe and file etc extension.</P><P>The asessment from Sophos for agent existing my customer.</P><P>&nbsp;</P><P>The example exclusion files like a below :</P><P>&nbsp;</P><P>C:\Windows\System32\backgroundTaskHost.exe&nbsp;</P><P>C:\Program FIles (x86)\Microsoft SQL Server\</P><P>*.txt</P><P>, more again</P><P>&nbsp;</P><P>So my question is, where I can add the exclusion folder/files, Malware Profile or Exception Profile?</P><HR /></BLOCKQUOTE><P>Hello Muhammad-Rusli,</P><P>&nbsp;</P><P>It would be a best practice to first check the details of the incident and alarms within it to understand why the application was prevented, alert sources and the need for the exception. You can add more granular detail to your baseline policies configuring&nbsp; an exceptions profile. (f.e&nbsp; Process Exceptions, Support Exceptions, Behavioral Threat Protection Rule Exceptions, Local Analysis Rules Exceptions</P><DIV class="nav-link ng-star-inserted">Advanced Analysis Exception or Digital Signer Exceptions). With a Malware profile you can add files and folders to an allow list to exclude them from examination.</DIV><DIV class="nav-link ng-star-inserted">&nbsp;</DIV><DIV class="nav-link ng-star-inserted">Endpoint Security Profiles:</DIV><DIV class="nav-link ng-star-inserted"><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-profiles.html" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-profiles.html</A></DIV><DIV class="nav-link ng-star-inserted">&nbsp;</DIV><DIV class="nav-link ng-star-inserted">Exceptions security profiles:</DIV><DIV class="nav-link ng-star-inserted"><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/exceptions-security-profiles.html" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/exceptions-security-profiles.html</A></DIV><DIV class="nav-link ng-star-inserted">&nbsp;</DIV> Thu, 26 Aug 2021 20:01:10 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/different-process-exception-on-exception-profile-and-folder/m-p/429545#M1000 yalonso 2021-08-26T20:01:10Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/different-process-exception-on-exception-profile-and-folder/m-p/464215#M1545 <P>I'm also having a difficult time looking for file extensions exclusions if that is even possible?</P> Tue, 08 Feb 2022 15:13:03 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/different-process-exception-on-exception-profile-and-folder/m-p/464215#M1545 magarcias 2022-02-08T15:13:03Z