Whitelisting of files under legacy agent exception

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Whitelisting of files under legacy agent exception

L3 Networker

Hello Team,

- For exceptions, whether we have to create rule for each of the module profiles to whiltelist the file path?

- Is there any way that we can create only one and it applies to all other pofiles.

 

1 REPLY 1

L4 Transporter

Hello @RamyashreeMada 

 

Thanks for reaching out on LiveCommunity.

Creating an exception with broad scope is not a good security practise. Cortex XDR enable you to create granular exceptions by allowing you to choose particular module/profile. Hence we advise you to please investigate the alerts for the file for which you want to create exception. In alerts table, there is a column named "Module". Module column let you know which particular module has triggered the alert. Once you know the module, please create exception for that one only.

Same goes for the profiles, please try to minimise the scope. For example, it may be possible that only endpoints which belong to IT team need exception. Hence we should only create exception for profile which belong to IT endpoints. 

However, XDR allows you to select multiple profiles also.

Please let me know if you have more questions.

  • 658 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!