Why some processes must be added to Low-Risk exclusions
Last Modified: 2023-01-03 21:54:07 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Why some processes must be added to Low-Risk exclusions
Technical Articles ID:
KB66036
Last Modified: 2023-01-03 21:54:07 Etc/GMT Environment
Endpoint Security (ENS) Threat Prevention 10.x
Summary
This article explains why some software processes must be added to the ENS Low-Risk list with a Read or Write exclusion. It also offers general guidance on potential conflicts between ENS and third-party application software. The article isn’t specific to any particular non-Trellix application. Some application processes are known to generate high Input/Output (I/O) when running. These processes also compete with ENS scanning activities. Generic examples of such programs are backup applications and encryption software. The same can apply for custom applications that have been designed internally or by third-party software vendors. Issues might occur if an application is running high I/O, which usually involves many file read/write events or registry queries per millisecond. Because ENS processes the I/O, the third-party software or custom application can experience performance issues or errors. The issue occurs in many scenarios such as the following examples:
Related Information
See also "Preventing Threat Prevention from blocking trusted programs, networks, and services" section of the Endpoint Security 10.7 Product Guide.
Affected ProductsLanguages:This article is available in the following languages: |
|