EDR: Why are NetConns Reporting After Windows Exclusions Have Been Applied?

Environment

  • EDR Servers: 7.6.1 and higher
  • EDR Windows Sensors: 7.3.0 and higher

Question

Why are netconns reported after the Windows exclusions have been applied?

Answer

This is expected behavior in the initial Windows exclusion release. Excluding the network communications is on the roadmap for a future release.

Additional Notes

  • The exclusion option 'Network connections' for Windows sensors is unused in the initial releases.
  • The exclusion option 'Process information' for Windows sensors is unused since the process create, terminate and child messages are needed for data integrity.
  • Tamper detection and protection take priority over Windows exclusions.

Article Information

Creation Date: 03-22-2022