Long Arrow Right External Link angle-right Search Send Times Loader chevron-down thumb-up thumb-down Spinner angle-left
Go to ThreatLocker

Excluded Processes

ThreatLocker provides the ability to specify certain processes that will be excluded from monitoring by ThreatLocker. This should only be used in very specific circumstances. Nothing will be blocked, or logged in the Unified Audit if it is being run by the process set to be excluded. No ThreatLocker policies will take effect on processes that have been set to be excluded.

It is important to note that the processes are excluded based on the path you specified, not the hash. Care must be taken when deciding to exclude a process from monitoring by ThreatLocker. 

Setting Up an Excluded Process

Navigate to the Computer Groups page.

undefined

Click the edit button (pencil icon) next to the group you'd like to place the excluded process on.

undefined

Type the exact path into the textbox and click the 'Add' button. Wildcards do not work in this area. Use the complete process path, including the file extension.

undefined

Click the 'Save' button at the top of the window.

undefined

Please reach out to a Cyber Hero if you are considering setting up an Excluded Process so they can be sure you are keeping your environment as secure as possible.

Did this answer your question?
Thanks so much for your feedback!
%s of people found this helpful.