Views:

Configure and manage exclusion settings for your endpoint security features.

Important
Important
  • The Exclusions module is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • Some features in Exclusions are part of Endpoint Security Pro. Endpoint Security Pro requires 25 credits per endpoint:
    • Recommendation Scan: Using recommendation scan requires Endpoint Security Pro.
      This feature currently only requires the Endpoint Security Pro package for agents with Server & Workload Protection features. Recommendation scan is currently free to use for agents with Standard Endpoint Protection and will become a paid feature in the future.
      Recommendation Scan does not support macOS deployments.
  • Exclusions uses program lists for configuring the Trusted programs list. Configure program lists in policy resources before configuring Exclusions.
  • The TrendAI Vision One™ Endpoint Security agent version 202601 supports selecting up to two program lists.
  • Older agent versions only support selecting one list at a time. Selecting more than one list for older agent versions might cause unwanted behavior.
  • Configuring Exclusions impacts other security modules. Carefully review your settings before saving.
  • Navigating between the security modules or leaving the Policy Settings screen discards any unsaved changes. To avoid losing your work, always click Save before leaving the current screen.
The Exclusions module manages exceptions used across endpoint protection features. Exclusions prevents any specified rule ID or trusted program from security scans and monitoring detections.
  • Recommended exclusions and Application status and configuration: Manage the list of applications and whether agents adopt the exclusions. To allow agents to dynamically apply recommended exclusions, enable the recommendation scan.
  • Rule exceptions: Specify which rules, based on the rule ID, you want to exclude from Anti-Malware scans.
    Rule IDs can be located by viewing event logs and copying the following fields:
    • For gray detection file-triggered logs, use the malName value.
    • For gray detection behavior-triggered logs, use the ruleName value.
    • For Behavior Monitoring, use the ruleId or ruleName value.
  • Trusted programs list: Use a program list from Policy Resources to specify programs you trust to exclude from scans, alerts, and other features. The following security modules and features apply the Trusted programs list:
    • Anti-Malware scans
    • Application Control lockdown mode
    • XDR for Endpoints (EDR)

Procedure

  1. Configure Recommendation settings.
    Recommendation settings control which recommended applications agents exclude when monitoring and scanning your endpoints.
    • Exclude recommended application you have configured to "Always" status : Only excludes an application if you change the Status of the application to Always in the Application status and configuration table.
    • Use Recommendation Scan to dynamically apply rules to each endpoint: Allow agents to run the Recommendation Scan and dynamically apply exclusions to each endpoint. Recommendation scan analyzes your security environment and the context for each endpoint, allowing agents to determine which applications with the Dynamic status to exclude from scans.
  2. Manage Application status and configuration.
    1. Locate the application exclusion you want to configure.
      Use the search and filters to find the application you want to manage.
    2. Configure the exclusion status.
      • Dynamic: Agents might apply the exclusion to security scans depending on your recommendation settings. Dynamic is the default setting. You must manually change the rule status if you want to set a rule to Always or Never.
      • Always: Agents exclude the application regardless of your recommendation settings. You can configure up to 350 rules with the always applied status.
      • Never: Agents do not exclude the application regardless of your recommendation settings.
  3. To exclude certain rules from security scans, configure the Rule exceptions.
    1. Click Add rule.
    2. Specify the Rule ID for the rule you want to exclude.
      Rule IDs can be located by viewing event logs and copying the following fields:
      • For gray detection file-triggered logs, use the malName value.
      • For gray detection behavior-triggered logs, use the ruleName value.
      • For Behavior Monitoring, use the ruleId or ruleName value.
  4. To exclude programs you trust from scans and lockdown mode, select up to two Program lists under Trusted programs list.
    You can configure and manage program lists in policy resources.