Views:

Configure and manage exclusion settings for your endpoint security features.

Important
Important
  • The Exclusions module is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • Exclusions uses program lists for configuring the Trusted programs list. Configure program lists in policy resources before configuring Exclusions.
  • The Trend Vision One Endpoint Security agent version 202601 supports selecting up to two program lists.
  • Older agent versions only support selecting one list at a time. Selecting more than one list for older agent versions might cause unwanted behavior.
  • Configuring Exclusions impacts other security modules. Carefully review your settings before saving.
  • Navigating between the security modules or leaving the Policy Settings screen discards any unsaved changes. To avoid losing your work, always click Save before leaving the current screen.
The Exclusions module manages exceptions used across endpoint protection features. Exclusions prevents any specified rule ID or trusted program from security scans and monitoring detections.
  • Rule exceptions allow you to manage and configure which rules you want to exclude from Anti-Malware scans.
  • The Trusted programs list allows you to specify programs you trust to exclude from scans, alerts, and other features. The following security modules and features apply the Trusted programs list:
    • Anti-Malware scans
    • Application Control lockdown mode
    • XDR for Endpoints (EDR)

Procedure

  1. To exclude certain rules from security scans, configure the Rule exceptions.
    1. Click Add rule.
    2. Specify the Rule ID for the rule you want to exclude.
      Rule IDs can be located by viewing event logs and copying the following fields:
      • For gray detection file-triggered logs, use the malName value.
      • For gray detection behavior-triggered logs, use the ruleName value.
      • For Behavior Monitoring, use the ruleId or ruleName value.
  2. To exclude programs you trust from scans and lockdown mode, select up to two Program lists under Trusted programs list.
    You can configure and manage program lists in policy resources.