- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Types Of Path Exclusions with Capture Client 1.5.12 or Later
03/26/2020 
13 People found this article helpful
41,522 Views
Description
This Article Explains about Modes of Exclusions supported with Capture Client 1.5.12 or later versions.
"No Monitor Exclusion has been replaced with more granular exclusion modes for path exclusions"
Resolution
Its suggested to use the least severe exclusion option to resolve interoperability or performance issues, and try the exclusion modes in the order shown. Use the Performance Focus options only if the Interoperability options do not resolve the issues.
Interoperability or Performance exclusions have more risk than regular exclusions because all operations that start from or use the excluded item are not fully visible to Capture Client, hence this can affect mitigation if an excluded item is part of a malicious execution. So please Contact SonicWALL Support before you use Interoperability or Performance exclusions
Following are the explanation of the different levels of interaction that the new console/agents have when creating exclusions:
ü Suppress Alerts (default Path exclusion): Do not display alerts or mitigate detections on the excluded processes.
Ø More info: If the root of a threat group is suppressed, alerts for the child processes are also suppressed.
Ø Usage example: Stop false positives from a specific file or process.
Ø Caution: Make sure the detection that the exclusion is based on is a false positive. Legitimate threats in the path will not be mitigated.
ü Interoperability: Reduce the monitoring level on the excluded processes.
Ø More Info: This exclusion stops the Agent DLL from injecting to processes in the path. This reduces Agent interaction with these processes. The Agent continues to monitor and use kernel events.
Ø Usage example: To solve interoperability issues related to the Agent code injection into other applications.
Ø Caution: This lowers protection as it reduces events that the Agent monitors.
ü Interoperability - extended: Reduce the monitoring level on the excluded processes and their child-processes (Same as the Interoperability option but includes child-processes.
Ø Usage example: To solve interoperability issues related to the Agent code injection into other applications, when the Interoperability option did not resolve the issue.
ü Performance Focus: Disable monitoring of the excluded processes.
Ø More info: It stops the Threat Protection Engine DLL from injecting to processes in the path and stops monitoring most kernel events. Agents do not use OS events that are generated by or for the excluded process.
Ø Usage example: To solve issues where a specific application generates many events (like file operation, registry, process, memory) and causes a high CPU utilization on the endpoint, due to Agent event analysis
Ø Caution: This lowers protection significantly as the Agent does not monitor the excluded processes.
ü Performance Focus - extended: Disable monitoring of the excluded processes and their child-processes. (Same as the Performance Focus but includes child processes.)
Ø Usage example: To solve issues where a specific application generates many events due to Agent event analysis, when the Performance Focus option did not resolve the issue.
Related Articles
- Upgrading and Migrating Clients to Capture Client 3.6
- How do I send capture client TSR to tech support
- Recommendations for Ransomware Protection with Capture Client
YES
NO