Edit the settings of a custom exception.
You can change the following settings categories of custom exceptions:
-
General Settings: The name and description of the exception
Note
Context menu exceptions do not have names. -
Targets: The location of the objects or events you want to exclude from detectionsFor example, you can exclude objects on a specific endpoint using the endpointGUID field and the globally unique identifier (GUID) of the endpoint.
-
Event source: The types of events you want to exclude from detectionsException type allows you to select either Filter-based exception or Global exception. Filter-based exceptions apply only to events that match the filter specified in the exception. Global exceptions apply to every event.
WARNING
If you change Exception type from Filter-based exception to Global exception, you cannot revert this exception back to filter-based. -
Match criteria: The objects and events you want to exclude from detectionsFor example, you can exclude a specific file attachment using the file_sha1 field type, the attachmentFileHash field, and the secure hash algorithm 1 (SHA-1) of the file attachment.
Procedure
- Go to and click the Exceptions tab.
- Click
for the exception you want to modify.
- Edit the settings you want to modify.
- Click Save. Your changes might take a few minutes to take effect.