If the process is trusted, you can add a generic exclusion for the process, including the process path, signer information, or MD5 hash.
NOTE: The exclusion is applicable for all Class Files, Registry, and Process signatures available in the ENS Exploit Prevention content.
- Log on to the ePO console.
- Click the System Tree tab.
- Click the Assigned Policies tab for the managed subgroup under My Organization.
- Select Endpoint Security Threat Prevention from the Product drop-down list.
- Click the assigned Exploit Prevention policy.
- Click Show Advanced.
- Make sure that the Exploit Prevention option is selected.
- Go to the Exclusions section and click Add.
- Select the Files - Processes - Registry option from the Exclusion Type drop-down list.
- Provide the details for the exclusion:
- Name: Provide a valid file name for the extension. For example,
smsexec.exe . - File name or path: Provide the complete file path. Use wildcard characters if needed. For example,
E:\PROGRAM FILES\MICROSOFT CONFIGURATION MANAGER\BIN\X64\SMSEXEC.EXE . - MD5 hash: Provide the MD5 hash (optional).
- Signer: Provide valid signer information (optional).
- Name: Provide a valid file name for the extension. For example,
- Click Save. The exclusion is visible in the Exclusions section.
- Click Save.
- Enforce policies on the client system. The exclusion is visible in the client ENS console under Settings, Threat Prevention, click Show Advanced, Exploit Prevention, Exclusions section.