This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PSEXEC exclusions

Hello,

 

We have a situation where PSEXEC is getting blocked as adware, so we want to put an exception for the same while keeping the alerts coming but not blocking the same.

 

What is the best way to achieve this? I mean from application exception under antivirus policy by putting PSEXEC in authorization category? or exception from application control policy by specifying alert message and adding under authorization?

 

Looking for quick help.

 

Thanks,

Abhijeet



This thread was automatically locked due to age.
Parents Reply
  • Hello Abhijeet,

    If you put an AV exception in, there will be no event detection as it will be excluded before the need to record.

    If users need it but you want to control whom can have it, I would recommend creating two policies wherein PSExec is blocked on the bottom one but has an in-policy exclusion for PSExec in the other. It's a bit more of a management overhead as you have to manage two policies but there is no way around that unfortunately.

    Emile

Children
No Data