This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Configuring Exceptions for Different Modules

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configuring Exceptions for Different Modules

dhervasg
L0 Member

‎06-26-2025 02:14 AM

Hello guys

 

I need to add exceptions for Windows HyperV servers.... and I have 2 questions:

 

Question 1

 

I need to add exceptions base on extensions...*.bin, *.vhdx, *.avhd.... etc, and exceptions base on process for instance Vmms.exe, VMwp.exe.... etc...

 

Can I configure the both types of exceptions and apply to the unique Profile or Policy to be applied to the Servers???

 

Question 2

 

When I add exception base on process, I can´t use it like this:

 

%systemroot%\System32\Vmms.exe

 

I just can write "Vmms.exe", is there any way to specify the patch with "%systemroot%\System32\Vmms.exe" ??

 

Thank you very much

David

 

 

 

 

 

 

 

 

0 Likes Likes
3 REPLIES 3

eluis
L4 Transporter

‎06-26-2025 09:55 AM

Hi David, 

 

In your case after reading you, I believe that you need to create a Legacy Exception Profile and applying it to your desired Profiles (in your case the ones that you apply to your servers).

You need to select the modules or all modules you want your exclusion to be applied to.

Please check the picture and let me know if this works for you. 
Im attaching the documentation on how to create the exception profiles too:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Set-up-endpoint-profi...

 

LegacyExceptionProfile_2025-06-26 184817.png

 

Feel free to click on like the answer if this helped you. 

 

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.

 

KR, 

Luis

0 Likes Likes

dhervasg
L0 Member
In response to eluis

‎06-30-2025 07:56 AM

Hi Luis

 

Thank you for your help in advance.

 

I kno whow to create exceptios, for intstance for a specific process. I know I have to create e Legacy Agent Exception, then link this Legay Agent Exception with my Exceptions Profile, and then it will be applied to my policy.

 

The problem is that I don´t know how to create a Legacy Agent Exceptions wiht a mix of types (process, file extensions, etc...) for instance, I have to create a Exceptions for a HyperV environtment, and if we read the Microsoft recomendations, we have to create exceptions among many others for:

Files *.vhd

Files *.vhdx

Files *.bin

Process: %systemroot%\System32\Vmms.exe

Process: %systemroot%\System32\Vmwp.exe

 

as far as I know, I can create:

 

One Legacy Agents Exceptions for file extensions

A Second Legacy Agents Exceptions for process

 

But I can´t assign both to my Exceptions Profile. So I wolud need to "create" a unique Legay Agent Exceptions with all kind of exceptions (Process, paths, file extensions...) and the apply it to my Exceptiosn Profile.

 

Do you know what i Mean?

 

Exclusiones de antivirus recomendadas para hosts de Hyper-V - Windows Server | Microsoft Learn

 

thank you very much

David

 

 

 

 

 

0 Likes Likes

jmazzeo
L5 Sessionator

‎06-30-2025 08:32 AM

Hi @dhervasg,

 

You can add paths and files using wildcards, depending on which module you select when creating the exception. For the BTP module, you can add paths or file extensions:

 

jmazzeo_0-1751297446037.png

From Palo Alto, we never recommend to create exceptions to any application before installing the agent. The best practice is to install the agent with all the Malware modules in "Prevent", if any alert is created about a well known application, then you can create the exception to be ready when you change to "Block" mode.

JM
0 Likes Likes
  • 269 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks