Monitoring and Exclusions
Define which processes are monitored by the Forensics component.
In the default monitoring settings, processes with certificates from some trusted companies are excluded.
You can , , and exclusions from the list.
To exclude a process from monitoring:
- From a SandBlast Agent Forensics and Anti-Ransomware rule in the , right-click the action and select .
- Click .
- In the window that opens, select:
- - To exclude an executable. You can also include Certificate information.
- In , enter the name of the executable.
- Optional: Enter more information in the fields shown is the company that signs the certificate. The more information you enter, the more specific the exclusion will be.
- - To exclude processes based on the company that signs the certificate, for example, Google.
- In , enter the name of a company that signs certificates, or browse to add a certificate file.
- Click
- The exclusion is added to the Exclusions list.