Help CenterThe Excluded Process List for Registry Advanced Setting allows administrators to exclude specific processes from having their registry activity monitored by the ThreatLocker Agent. This was originally developed to support targeted performance optimizations for specific environments experiencing high volumes of registry activity from a specific process.
This option is intended for advanced use cases where there is a clear and validated need. Before applying exclusions, administrators should carefully evaluate the security impact and ensure that the excluded processes are well understood and deemed low risk.
Please Note: This Advanced Setting should be implemented with caution. Excluding processes from monitoring their registry activity effectively creates a visibility gap, preventing the agent from monitoring, detecting or responding to actions within those locations. Misuse or overuse of this feature can introduce security risks by allowing potentially malicious behavior to go unmonitored.
This Advanced Setting requires Windows Agent 10.9.2 or above.
Navigate to Advanced Settings.
Select the '+ New Setting' button at the top left-hand side of the screen.
In the Setting Type dropdown, select 'Excluded Process List for Registry'.
Select the Applies To location where this setting should impact.
Next, select whether to add this setting to the top of the Advanced Setting list or the bottom. Advanced Settings are applied from the top down.
In the 'Parameters' section, enter the full path of the process that you want to exclude from monitoring its registry activity.
Select the green '+' button to add the input process to your list.
Select the blue 'Create' button to save the setting.
On the main grid, press the Update Agents button to apply the setting to the agents.
