ThreatLocker provides the ability to specify certain processes that will be excluded from monitoring by ThreatLocker. This should only be used in very specific circumstances. Nothing will be blocked, or logged in the Unified Audit if it is being run by the process set to be excluded. No ThreatLocker policies will take effect on processes that have been set to be excluded.

It is important to note that the processes are excluded based on the path you specified, not the hash. Care must be taken when deciding to exclude a process from monitoring by ThreatLocker. 

Setting Up an Excluded Process

Navigate to the Computer Groups page.

Click the edit button (pencil icon) next to the group you'd like to place the excluded process on.

Type the exact path into the textbox and click the 'Add' button. Wildcards do not work in this area. Use the complete process path, including the file extension.

Click the 'Save' button at the top of the window.

Please reach out to a Cyber Hero if you are considering setting up an Excluded Process so they can be sure you are keeping your environment as secure as possible.