ESET Online Help


Exclusions

ESET Inspect On-Prem allows you to match incoming events against rules. Rules are defined in an XML-based language that expresses conditions over event properties (Module name, Hash, Signer, Popularity).

Rules can be edited, enabled or disabled. When events are received, the rules are provided to the RuleEngine component, which compiles them and matches them against the events, eventually raising a detection.

Because rules can also match legitimate activity, you need to filter and exclude some detections.

Because most filtering is based on the same properties used in the rules, exclusions are defined using the same rule language. This has the advantage of reusing the existing machinery.

Because exclusions are usually closely tied to an existing rule, an editing wizard is available. Starting from an existing detection, the wizard provides initial values for the exclusion rule conditions.

Filtering, Tags and Table options

Use filters at the top of the screen to refine the displayed items. Tags are powerful when searching for a specific computer, detection, incident, executable or script. Click the gear icon for table options to manage the main table.

Click an exclusion name to take further action:

Edit

Go to the update exclusion window.

Enable

 

Disable

 

Delete

 

Access group

Displays the currently assigned access group. Click Move to reassign the access group.

Tags

Assign detection tags from the existing list or create custom tags.

Filter

Show quick filters on the column where you activated the context menu (Show only this, Hide this).

New exclusion

Go to the Create exclusion window.

Export

Start exporting the rule to an XML file (the process depends on the web browser).

Import

Open the window for importing the XML rule file.