This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Adding file and folder exclusions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Adding file and folder exclusions

Go to solution
JLawrence-Serra
L0 Member

‎10-18-2023 10:22 AM

We have  a security camera server that's been throwing out low memory resource messages and the company that provides the software claims that Cortex XDR endpoint client is causing memory leaks. There are no incidents being triggered by this server and the memory usage of Cortex is always under 1GB of memory. They have provided documentation that appears to be geared more toward traditional antivirus software to add folder and file exceptions from the software. I don't see in the XDR control console a place for me to make these exceptions unless there was an incident or to allow list a vendor or hash. Does this seem like they're grasping for something to be the issue or can anyone help guide me on how to add these exceptions. Below is the document they provided to help understand what they're asking of us to do.

 

https://support.avigilon.com/s/article/ACC-Files-and-Folders-to-be-Added-to-An-Antivirus-Exclusion-L...

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
jmazzeo
L4 Transporter

‎10-18-2023 11:28 AM

Hi @JLawrence-Serra, thanks for reaching the Live Community.

You can create exceptions rules to avoid files or folder for being scanned by the XDR Agent modules.

You need to create a "Disable Prevention Rule", this is located at Settings → Exception Configuration → Disable Prevention Rules

 

This is the official doc: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-Disab...

 

I recommend creating the rule and apply this only to the Profile that is assigned to this endpoints.

When you define the rule, note that you can use wildcards for the folder definitions. In your case, you will need to create more than one rule to cover all the required folders.

 

jmazzeo_0-1697653610262.png

 

I think this can solve your inquiry.

JM

View solution in original post

2 REPLIES 2

Go to solution
jmazzeo
L4 Transporter

‎10-18-2023 11:28 AM

Hi @JLawrence-Serra, thanks for reaching the Live Community.

You can create exceptions rules to avoid files or folder for being scanned by the XDR Agent modules.

You need to create a "Disable Prevention Rule", this is located at Settings → Exception Configuration → Disable Prevention Rules

 

This is the official doc: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-Disab...

 

I recommend creating the rule and apply this only to the Profile that is assigned to this endpoints.

When you define the rule, note that you can use wildcards for the folder definitions. In your case, you will need to create more than one rule to cover all the required folders.

 

jmazzeo_0-1697653610262.png

 

I think this can solve your inquiry.

JM

Go to solution
JLawrence-Serra
L0 Member
In response to jmazzeo

‎10-18-2023 11:56 AM

Thank you very much for your help! That helped solve my problem! I appreciate the details you provided in the screen shot.

  • 1 accepted solution
  • 1227 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks