Potentially Unwanted Program exclusions aren't honored with "Scan processes on service startup and content update" enabled
Last Modified: 2023-07-07 09:18:38 Etc/GMT
Technical Articles ID:
KB94512
Environment
Endpoint Security (ENS) Threat Prevention 10.x
Problem
The setting "Scan processes on service startup and content update" is enabled in the Endpoint Security Threat Prevention, On-Access Scan policy. Potentially Unwanted Program detections still happen during normal on-access scanning (OAS) even though you excluded the Potentially Unwanted Program by detection name in the Endpoint Security Threat Prevention, Options policy. By default, the setting "Scan processes on service startup and content update" is disabled because, depending on workloads, it can affect the overall perceived performance of a system.
System Change
The setting "Scan processes on service startup and content update" was enabled in the OAS policy. Now, the exclusions for Potentially Unwanted Programs are seemingly not working correctly.
Cause
When the setting "Scan processes on service startup and content update" is enabled, ENS scans processes when they start. It does this by initiating a small on-demand scan (ODS) against the process. This small ODS takes certain ODS presets into consideration when it runs, but these presets might not include the exclusion configuration for Potentially Unwanted Programs.
Solution
Technical Support is investigating this issue. If you experience this issue, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
Workaround
To work around this issue, you can disable the setting "Scan processes on service startup and content update" in the OAS options.
Related Information