N-Central – AV – SentinelOne (EDR) – Adding Exclusions
Adding Exclusions from a detected item
- From the SO level, expand Integrations > EDR > Analyze
- Locate the detected item that should be allowed and click on it
- Investigate the detection and confirm that you truly want to create an exclusion
- Select More in the upper right-hand corner and choose the appropriate action (Mark as benign is most likely what you are looking for)
Adding Exclusions before they get detected
- From the SO level, expand Integrations > EDR > Analyze > Profiles
- Click the three dots on the far right side next to the profile you wish to modify and select Edit
- Click Next
- Click Exclusions
OPTION 1 (BEST):
- Under Hash select New Exclusion
- Open the OS drop-down and select the appropriate OS
- Provide the SHA1 hash
- Enter a clear description of why you are excluding the item so others can easily determine why this exclusion is there (such as the program name)
- Select either Save or Save and add another
OPTION 2 (Lazy and less secure method):
*This method should only be used if OPTION 1 doesn’t work with your software.
- Click Path on the left and then choose New Exclusion
- Open the OS drop-down and select the appropriate OS
- Define the Path and select Include Subfolders as required
- Select More Options and choose the proper Exclusions Mode. *This will require some testing to get the right option selected while still providing as much security as possible
- Enter a clear description of why you are excluding the item so others can easily determine why this exclusion is there (such as the program name)
- Select either Save or Save and add another
Advanced Options
- You can exclude certain web browsers under the Browser section if a critical website does not work. It is highly recommended to restrict use of the excluded browser to only the website that EDR is blocking
- File Type – only use this if absolutely necessary
- Signer Identity – you’ll need the certificate ID