How To Add A Trusted Application
  • 10 May 2023



Introduction

This article guides you through creating exclusions within Elastic Security.

Process / Application Only
The exemption is for PROCESSES.  There is no global whitelist for folders or files.  Whitelisting a folder will whitelist any processes that spawn from that folder.

Log Into Your Elastic Instance

First, you will need to log in to Elastic. Follow the link below if you need help logging in.

How To Login To Elastic Endpoint Security

Set a Trusted Application

Trusted Application vs Exception

Trusted Application = Allowing a process to run.  Keeps Elastic Security from blocking the process.

Exception = Merely silencing the Alert.  Elastic Security will continue to block the process.

  • Once you are logged into Kibana, navigate to the Security section and select Trusted applications.

  • From there, on the right side of the page, click Add new trusted application.

  • Enter the desired information. In the description, make sure to describe what the application is doing or reference internal documentation (ex. a case number).
  • Select the operating system.
  • Field: select Path.
  • Operator: select Matches.
  • Value: enter the path of the folders you want to exclude.
    • EX: C:\TestApplication\**\*
  • Assignment: apply it globally or assign it to a specific policy.
  • Click Add trusted application.
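
Because a folder value exempts every process that runs from that folder, it helps to check what a value would cover before saving it. The following is an added example, not part of the original article or Elastic's own code: it tests a path value against a constructed list of process paths and flags values with no fixed folder. It assumes `*` matches any run of characters (backslashes included), `?` matches one character, and Windows paths compare case-insensitively; confirm this against your Elastic version. All function names and sample paths are hypothetical.

```python
import re

# Constructed sample of process executable paths (not real telemetry).
SAMPLE_PROCESSES = [
    r"C:\TestApplication\bin\service.exe",
    r"C:\TestApplication\plugins\v2\helper.exe",
    r"C:\testapplication\updater\update.exe",
    r"C:\TestApplication2\bin\service.exe",
    r"C:\Program Files\Other\app.exe",
]

def wildcard_to_regex(value):
    """Translate a trusted-application path value into a regex.
    Assumption: '*' = any run of characters, '?' = exactly one character."""
    parts = []
    for ch in value:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def covered(value, process_paths):
    """Return the process paths that the value would exempt."""
    rx = wildcard_to_regex(value)
    return [p for p in process_paths if rx.fullmatch(p)]

def fixed_folders(value):
    """Count complete folder names (drive excluded) before the first wildcard."""
    prefix = re.split(r"[*?]", value, maxsplit=1)[0]
    segments = prefix.split("\\")[:-1]  # drop the trailing partial segment
    return len([s for s in segments if s and not s.endswith(":")])

def review(value, process_paths):
    """Summarise the scope of a proposed value for a reviewer."""
    return {
        "value": value,
        "fixed_folders": fixed_folders(value),
        "too_broad": fixed_folders(value) < 1,  # nothing pins it to a folder
        "covered": covered(value, process_paths),
    }

if __name__ == "__main__":
    for candidate in (r"C:\TestApplication\**\*", r"C:\*\*"):
        result = review(candidate, SAMPLE_PROCESSES)
        print(result["value"], "too_broad =", result["too_broad"])
        for path in result["covered"]:
            print("  exempts:", path)
```

Running the check against a process inventory exported from your own environment shows the real scope of a value, which is useful to record in the description alongside the case number.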


