Event Reporting and Sensor Operation Exclusions enable Carbon Black Cloud Endpoint Standard and Carbon Black Cloud Enterprise EDR customers to exclude event reporting and sensor operations to resolve operational issues, such as network performance issues, endpoint performance issues, or interoperability issues with third-party software.
Because Event Reporting and Sensor Operation Exclusions can reduce visibility and security efficacy for the processes to which they apply, they should be implemented carefully and selectively.
These exclusions are enforced by the sensor, meaning that excluded events are no longer reported from the sensor to Carbon Black Cloud and certain sensor operations no longer occur when the specified exclusion criteria are met.
Event Reporting and Sensor Operation Exclusions are supported by Windows sensors 3.6+.
Event Reporting and Sensor Operation Exclusions address operational issues. They are not intended to address issues concerning prevention efficacy.
Carbon Black Cloud Endpoint Standard customers should see Core Prevention Policy Exclusions and Set Permission Policy Rules to learn about features you can use to improve prevention efficacy and reduce false positives.
For information and recommendations about using Event Reporting and Sensor Operation Exclusions or Permissions, see Comparing Permissions to Exclusions.