Environment
- EDR Servers: 7.6.1 and higher
- EDR Windows Sensors: 7.3.0 and higher
Question
Why are netconns reported after the Windows exclusions have been applied?
Answer
This is expected for the initial Windows exclusion release. Excluding the network communications is on the roadmap for a future release.
Additional Notes
- The exclusion option 'Network connections' for Windows sensors is unused in the initial releases.
- The exclusion option 'Process information' for Windows sensors is unused since the process create, terminate and child messages are needed for data integrity.
- Tamper detection and protection take priority over Windows exclusions.
Related Content