This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DanielTveriya
Explorer
Tuesday
Jump to solution

Create exclusion for specific process

Hi,

I am having trouble excluding processes that Harmony EDR blocks.
The Protection name is: RAT_Linux_NukeSped_D
I tried a few exclusions, but it didn't work.

It's happening when we're running a build with Docker on Linux endpoints.
In the log, it shows 2 preventive actions.

My goal is to exclude this kind of process and not all the Protection name.

Thanks

 

 

 

  

 

Preview file
47 KB
Preview file
62 KB
0 Kudos
1 Solution

Accepted Solutions
lluner
Advisor
Wednesday
Jump to solution

@DanielTveriya 

You can create the exclusion; the link for help is below.

19112.png

sk181679 - Smart Exclusions - Syntax and Supported Capabilities for Exclusion Types

View solution in original post

10 Replies
the_rock
MVP Platinum
MVP Platinum
Tuesday
Jump to solution

Does it give an option anywhere from the log itself to add an exception?

Best,
Andy
0 Kudos
DanielTveriya
Explorer
Wednesday
In response to the_rock
Jump to solution

Hi Andy,
No, its not supported with creation of rule from logs view, becasue its linux agent.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Wednesday
In response to DanielTveriya
Jump to solution

Understood Daniel. Maybe worth TAC case to confirm.

Best,
Andy
0 Kudos
DanielTveriya
Explorer
Wednesday
In response to the_rock
Jump to solution

Thanks Andy

Yes, I spoke with the support team, and they are testing it internally.

 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Wednesday
In response to DanielTveriya
Jump to solution

Let us know how it goes.

Best,
Andy
0 Kudos
lluner
Advisor
Wednesday
Jump to solution

@DanielTveriya 

Right-clicking on the "prevent" alert (as shown in the image) does not display the exclusion option ?1911.png

0 Kudos
DanielTveriya
Explorer
Wednesday
In response to lluner
Jump to solution

Hi @lluner 

Unfortunately, this type of process is not supported for Linux endpoints.

Thanks

 

0 Kudos
lluner
Advisor
Wednesday
Jump to solution

@DanielTveriya 

You can create the exclusion; the link for help is below.

19112.png

sk181679 - Smart Exclusions - Syntax and Supported Capabilities for Exclusion Types

DanielTveriya
Explorer
yesterday
In response to lluner
Jump to solution

@lluner 

Thanks, my friend.

Yesterday I excluded the path for this process and it worked,

Wanted to update after I received feedback from the user.

Thanks for the help

 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
yesterday
In response to DanielTveriya
Jump to solution

Excellent, thanks for letting us know!

Best,
Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events