You can add a Core Prevention process exclusion from the Policy page.

For wildcard usage and syntax guidelines, see Core Prevention Policy Exclusions.

Procedure

  1. On the Enforce > Policies > SelectedPolicy > Prevention tab, click the Add Exclusion button.
    Figure 1. Add Exclusion
    Add exclusion screen
  2. On the Add Exclusion page, choose a process type:
    • Parent process
    • Process
    For either the parent or primary process, you can specify the process path, command line, hash, or certificate information. You do not have to use all these attributes — they allow for granular exclusions if necessary.
  3. Choose an attribute for the process type:
    SHA-256 Allow a process with a specified hash to run. If the process hash changes, you must update the exclusion accordingly.
    Path Allow an application to run from the specified path, regardless of the software version. Limit wildcards to keep the exclusion narrow.
    CMD Allow an application to run trusted commands or sets of commands: for example, commands run by Microsoft SCCM.
    Certificate Allow a process signed by a specific certificate authority and publisher to run. If the certificate authority or publisher changes, you must update the exclusion accordingly.
  4. You can add a note to the exclusion.
  5. Click Next.
  6. Review your selection and click Save.