Adding Process\file global exceptions in XDR

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Adding Process\file global exceptions in XDR

L2 Linker


I want to add an exception for an in house app that the xdr keeps blocking. I tried adding a global exception as outlined here - 

However I dont have the option to create an alert exception in the right click menu. I am an admin in our xdr. 

How can i create an exception?


L4 Transporter

Hi Daniel_Itenberg,


The context menu changes depending on the alert you select.  If the alert is a Behavioral Threat Protection (BTP) alert, you will have the "Create Alert Exception" option under Manage Alert.  If the alert is a Local Malware Analysis alert, you will have the "Add initiator SHA256 to Allow list" option under Manage Alert.  Can you please confirm the source of the alert and the alert name?  This will tell us what kind of alert you are trying to create an exception for.

L5 Sessionator

The broadsword approach to the solution is to add it to the Global Allow List :

I want to completely exclude examination of said process from all endpoints in my organisation. adding to the allow list dosent help because the sha256 is different everytime the program is run. I know there is a way to add global exceptions to the local malware analysis module, however there is no such option available to me, and that's what i need

L2 Linker
  • 4 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!